Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

CVE Issued by | Tag | CVE ID | CVE Title
Microsoft | Azure Data Science Virtual Machines | CVE-2024-37325 | Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability
Microsoft | Azure File Sync | CVE-2024-35253 | Microsoft Azure File Sync Elevation of Privilege Vulnerability
Microsoft | Azure Monitor | CVE-2024-35254 | Azure Monitor Agent Elevation of Privilege Vulnerability
Microsoft | Azure SDK | CVE-2024-35255 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Microsoft | Azure Storage Library | CVE-2024-35252 | Azure Storage Movement Client Library Denial of Service Vulnerability
Microsoft | Dynamics Business Central | CVE-2024-35249 | Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability
Microsoft | Dynamics Business Central | CVE-2024-35248 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
infosec@edk2.groups.io | Mariner | CVE-2024-1298 | Unknown
cve@mitre.org | Mariner | CVE-2019-19646 | Unknown
cve@mitre.org | Mariner | CVE-2019-20503 | Unknown
cve@checkpoint.com | Mariner | CVE-2019-8457 | Unknown
cve@mitre.org | Mariner | CVE-2020-11655 | Unknown
cve@mitre.org | Mariner | CVE-2019-9741 | Unknown
cve@mitre.org | Mariner | CVE-2020-13631 | Unknown
cve@mitre.org | Mariner | CVE-2020-13630 | Unknown
cve@mitre.org | Mariner | CVE-2020-13632 | Unknown
cve@mitre.org | Mariner | CVE-2019-19645 | Unknown
cve@mitre.org | Mariner | CVE-2020-15586 | Unknown
cve@mitre.org | Mariner | CVE-2021-3115 | Unknown
cve@mitre.org | Mariner | CVE-2020-11656 | Unknown
cve@mitre.org | Mariner | CVE-2019-14274 | Unknown
cve@mitre.org | Mariner | CVE-2018-20505 | Unknown
cve@mitre.org | Mariner | CVE-2019-13636 | Unknown
cve@mitre.org | Mariner | CVE-2018-20506 | Unknown
cve@mitre.org | Mariner | CVE-2020-18032 | Unknown
cve@mitre.org | Mariner | CVE-2018-20346 | Unknown
cve@mitre.org | Mariner | CVE-2018-20169 | Unknown
cve@mitre.org | Mariner | CVE-2018-1999023 | Unknown
cve@mitre.org | Mariner | CVE-2018-20969 | Unknown
cve@mitre.org | Mariner | CVE-2018-1000097 | Unknown
secalert_us@oracle.com | Mariner | CVE-2017-3612 | Unknown
cve@mitre.org | Mariner | CVE-2018-1000035 | Unknown
cve@mitre.org | Mariner | CVE-2015-7696 | Unknown
secalert@redhat.com | Mariner | CVE-2015-5157 | Unknown
cve@mitre.org | Mariner | CVE-2019-13638 | Unknown
cve@mitre.org | Mariner | CVE-2021-26720 | Unknown
security@apache.org | Mariner | CVE-2021-36373 | Unknown
secalert@redhat.com | Mariner | CVE-2021-3468 | Unknown
openssl-security@openssl.org | Mariner | CVE-2022-4450 | Unknown
secalert@redhat.com | Mariner | CVE-2022-4415 | Unknown
cve-assignments@hackerone.com | Mariner | CVE-2022-43551 | Unknown
security@golang.org | Mariner | CVE-2022-41723 | Unknown
cve@mitre.org | Mariner | CVE-2022-40320 | Unknown
security@golang.org | Mariner | CVE-2022-41717 | Unknown
security-advisories@github.com | Mariner | CVE-2022-39353 | Unknown
cve@mitre.org | Mariner | CVE-2022-37616 | Unknown
cve@mitre.org | Mariner | CVE-2022-37434 | Unknown
infosec@edk2.groups.io | Mariner | CVE-2022-36764 | Unknown
infosec@edk2.groups.io | Mariner | CVE-2022-36765 | Unknown
support@hackerone.com | Mariner | CVE-2022-35260 | Unknown
cve@mitre.org | Mariner | CVE-2021-27378 | Unknown
cve@mitre.org | Mariner | CVE-2022-31394 | Unknown
cve@mitre.org | Mariner | CVE-2022-28805 | Unknown
security@ubuntu.com | Mariner | CVE-2022-28734 | Unknown
security@ubuntu.com | Mariner | CVE-2022-28733 | Unknown
cve@mitre.org | Mariner | CVE-2022-28391 | Unknown
openssl-security@openssl.org | Mariner | CVE-2022-2097 | Unknown
security@huntr.dev | Mariner | CVE-2022-1996 | Unknown
cve@mitre.org | Mariner | CVE-2021-44716 | Unknown
cve@mitre.org | Mariner | CVE-2021-45985 | Unknown
secalert@redhat.com | Mariner | CVE-2021-3981 | Unknown
cve@mitre.org | Mariner | CVE-2021-38190 | Unknown
vultures@jpcert.or.jp | Mariner | CVE-2015-2987 | Unknown
secalert@redhat.com | Mariner | CVE-2021-3502 | Unknown
cve@mitre.org | Mariner | CVE-2022-29526 | Unknown
cve@mitre.org | Mariner | CVE-2014-9636 | Unknown
secalert@redhat.com | Mariner | CVE-2014-8139 | Unknown
secalert@redhat.com | Mariner | CVE-2014-8141 | Unknown
secalert@redhat.com | Mariner | CVE-2024-2494 | Unknown
security@php.net | Mariner | CVE-2024-2408 | Unknown
security-advisories@github.com | Mariner | CVE-2024-22189 | Unknown
support@hackerone.com | Mariner | CVE-2024-22025 | Unknown
ykramarz@cisco.com | Mariner | CVE-2024-20328 | Unknown
secalert@redhat.com | Mariner | CVE-2024-2002 | Unknown
security@php.net | Mariner | CVE-2024-1874 | Unknown
cna@python.org | Mariner | CVE-2023-6597 | Unknown
secalert@redhat.com | Mariner | CVE-2023-7250 | Unknown
secalert@redhat.com | Mariner | CVE-2023-3966 | Unknown
cve@kernel.org | Mariner | CVE-2024-36971 | Unknown
cve@kernel.org | Mariner | CVE-2024-36902 | Unknown
security-advisories@github.com | Mariner | CVE-2024-25110 | Unknown
cve@kernel.org | Mariner | CVE-2024-36023 | Unknown
secalert@redhat.com | Mariner | CVE-2023-6246 | Unknown
secalert@redhat.com | Mariner | CVE-2023-6779 | Unknown
facts@wolfssl.com | Mariner | CVE-2024-0901 | Unknown
security-advisories@github.com | Mariner | CVE-2024-27304 | Unknown
cve@mitre.org | Mariner | CVE-2008-2149 | Unknown
cve@mitre.org | Mariner | CVE-2019-19977 | Unknown
secalert@redhat.com | Mariner | CVE-2004-2771 | Unknown
cve@mitre.org | Mariner | CVE-2008-3908 | Unknown
cve@mitre.org | Mariner | CVE-2016-7567 | Unknown
secalert@redhat.com | Mariner | CVE-2022-2990 | Unknown
secalert@redhat.com | Mariner | CVE-2014-3618 | Unknown
cve@mitre.org | Mariner | CVE-2019-17362 | Unknown
security@golang.org | Mariner | CVE-2021-4238 | Unknown
security-advisories@github.com | Mariner | CVE-2024-25629 | Unknown
security-advisories@github.com | Mariner | CVE-2024-26147 | Unknown
security-advisories@github.com | Mariner | CVE-2024-27099 | Unknown
secalert@redhat.com | Mariner | CVE-2014-8140 | Unknown
secalert@redhat.com | Mariner | CVE-2022-4515 | Unknown
chrome-cve-admin@google.com | Mariner | CVE-2014-3185 | Unknown
secalert@redhat.com | Mariner | CVE-2014-0069 | Unknown
secalert@redhat.com | Mariner | CVE-2013-6381 | Unknown
secalert@redhat.com | Mariner | CVE-2013-4342 | Unknown
secalert@redhat.com | Mariner | CVE-2013-4420 | Unknown
cve@mitre.org | Mariner | CVE-2010-2891 | Unknown
oss-report@checkmarx.com | Mariner | CVE-2024-4068 | Unknown
cve@mitre.org | Mariner | CVE-2012-6687 | Unknown
secalert@redhat.com | Mariner | CVE-2008-0888 | Unknown
cve@mitre.org | Mariner | CVE-2024-38428 | Unknown
cve@mitre.org | Mariner | CVE-2007-2768 | Unknown
security@php.net | Mariner | CVE-2024-5585 | Unknown
security@php.net | Mariner | CVE-2024-5458 | Unknown
cve@mitre.org | Mariner | CVE-2024-37535 | Unknown
security@hashicorp.com | Mariner | CVE-2024-3817 | Unknown
secalert@redhat.com | Mariner | CVE-2024-5564 | Unknown
security-advisories@github.com | Mariner | CVE-2024-34064 | Unknown
security-advisories@github.com | Mariner | CVE-2024-32465 | Unknown
security-advisories@github.com | Mariner | CVE-2024-32021 | Unknown
security-advisories@github.com | Mariner | CVE-2024-32020 | Unknown
secalert@redhat.com | Mariner | CVE-2024-3154 | Unknown
security-advisories@github.com | Mariner | CVE-2024-28180 | Unknown
security-advisories@github.com | Mariner | CVE-2024-28110 | Unknown
support@hackerone.com | Mariner | CVE-2024-27983 | Unknown
support@hackerone.com | Mariner | CVE-2024-27982 | Unknown
cve@mitre.org | Mariner | CVE-2014-9913 | Unknown
cve@mitre.org | Mariner | CVE-2022-48285 | Unknown
openssl-security@openssl.org | Mariner | CVE-2023-0286 | Unknown
secalert@redhat.com | Mariner | CVE-2022-4904 | Unknown
security-advisories@github.com | Mariner | CVE-2024-24806 | Unknown
cve@mitre.org | Mariner | CVE-2024-29158 | Unknown
security-advisories@github.com | Mariner | CVE-2024-24758 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27078 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27058 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27037 | Unknown
security-advisories@github.com | Mariner | CVE-2024-24557 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27045 | Unknown
cve@mitre.org | Mariner | CVE-2024-24259 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27051 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27061 | Unknown
security-advisories@github.com | Mariner | CVE-2024-23652 | Unknown
cve@mitre.org | Mariner | CVE-2024-29159 | Unknown
cve@mitre.org | Mariner | CVE-2024-24258 | Unknown
security-advisories@github.com | Mariner | CVE-2024-23653 | Unknown
security-advisories@github.com | Mariner | CVE-2024-23650 | Unknown
security-advisories@github.com | Mariner | CVE-2024-23651 | Unknown
security@ubuntu.com | Mariner | CVE-2024-2313 | Unknown
openssl-security@openssl.org | Mariner | CVE-2023-6237 | Unknown
security-officer@isc.org | Mariner | CVE-2023-6516 | Unknown
openssl-security@openssl.org | Mariner | CVE-2023-6129 | Unknown
security@google.com | Mariner | CVE-2023-6111 | Unknown
cve@mitre.org | Mariner | CVE-2023-51779 | Unknown
cve@mitre.org | Mariner | CVE-2023-52071 | Unknown
cve@mitre.org | Mariner | CVE-2023-51764 | Unknown
cve@mitre.org | Mariner | CVE-2023-51714 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27038 | Unknown
cve@mitre.org | Mariner | CVE-2023-51385 | Unknown
cve@kernel.org | Mariner | CVE-2024-26581 | Unknown
cve@mitre.org | Mariner | CVE-2024-26455 | Unknown
secalert@redhat.com | Mariner | CVE-2023-4001 | Unknown
secalert@redhat.com | Mariner | CVE-2023-6780 | Unknown
security@vmware.com | Mariner | CVE-2019-5544 | Unknown
security@elastic.co | Mariner | CVE-2022-0699 | Unknown
cve@mitre.org | Mariner | CVE-2017-16844 | Unknown
cve@mitre.org | Mariner | CVE-2024-32613 | Unknown
cve@mitre.org | Mariner | CVE-2024-32611 | Unknown
cve@mitre.org | Mariner | CVE-2024-32614 | Unknown
cve@mitre.org | Mariner | CVE-2024-32612 | Unknown
cve@mitre.org | Mariner | CVE-2024-32609 | Unknown
cve@mitre.org | Mariner | CVE-2024-32610 | Unknown
cve@mitre.org | Mariner | CVE-2024-31744 | Unknown
security-advisories@github.com | Mariner | CVE-2024-25620 | Unknown
cve@mitre.org | Mariner | CVE-2024-30205 | Unknown
cve@mitre.org | Mariner | CVE-2024-31852 | Unknown
security-advisories@github.com | Mariner | CVE-2024-29195 | Unknown
cve@mitre.org | Mariner | CVE-2024-29166 | Unknown
cve@mitre.org | Mariner | CVE-2024-29165 | Unknown
cve@kernel.org | Mariner | CVE-2024-26904 | Unknown
cve@kernel.org | Mariner | CVE-2024-26902 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26903 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26901 | Unknown
cve@kernel.org | Mariner | CVE-2024-26585 | Unknown
cve@kernel.org | Mariner | CVE-2024-26583 | Unknown
cve@mitre.org | Mariner | CVE-2024-29160 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26582 | Unknown
jordan@liggitt.net | Mariner | CVE-2024-3177 | Unknown
secalert@redhat.com | Mariner | CVE-2024-1454 | Unknown
security@google.com | Mariner | CVE-2024-1086 | Unknown
cve@mitre.org | Mariner | CVE-2023-51384 | Unknown
cve@mitre.org | Mariner | CVE-2023-29941 | Unknown
secalert@redhat.com | Mariner | CVE-2023-2977 | Unknown
secure@intel.com | Mariner | CVE-2023-28938 | Unknown
secure@intel.com | Mariner | CVE-2023-28736 | Unknown
support@hackerone.com | Mariner | CVE-2023-28320 | Unknown
support@hackerone.com | Mariner | CVE-2023-28319 | Unknown
security-advisories@github.com | Mariner | CVE-2023-27579 | Unknown
security@hashicorp.com | Mariner | CVE-2023-2816 | Unknown
support@hackerone.com | Mariner | CVE-2023-27536 | Unknown
support@hackerone.com | Mariner | CVE-2023-27535 | Unknown
support@hackerone.com | Mariner | CVE-2023-27534 | Unknown
support@hackerone.com | Mariner | CVE-2023-27533 | Unknown
security-advisories@github.com | Mariner | CVE-2023-31130 | Unknown
openssl-security@openssl.org | Mariner | CVE-2023-2650 | Unknown
report@snyk.io | Mariner | CVE-2023-26159 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25801 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25671 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25663 | Unknown
cve-assignments@hackerone.com | Mariner | CVE-2023-23915 | Unknown
cve-assignments@hackerone.com | Mariner | CVE-2023-23914 | Unknown
secalert@redhat.com | Mariner | CVE-2023-2253 | Unknown
security-advisories@github.com | Mariner | CVE-2023-22466 | Unknown
secalert@redhat.com | Mariner | CVE-2023-1668 | Unknown
openssl-security@openssl.org | Mariner | CVE-2023-0464 | Unknown
openssl-security@openssl.org | Mariner | CVE-2024-4603 | Unknown
openssl-security@openssl.org | Mariner | CVE-2023-0215 | Unknown
security-advisories@github.com | Mariner | CVE-2023-26484 | Unknown
security-advisories@github.com | Mariner | CVE-2023-31147 | Unknown
security-advisories@github.com | Mariner | CVE-2023-32067 | Unknown
support@hackerone.com | Mariner | CVE-2023-32001 | Unknown
Microsoft | Mariner | CVE-2024-0985 | Unknown
cve@mitre.org | Mariner | CVE-2023-51257 | Unknown
secalert@redhat.com | Mariner | CVE-2024-1151 | Unknown
secalert@redhat.com | Mariner | CVE-2023-5115 | Unknown
secalert@redhat.com | Mariner | CVE-2023-50782 | Unknown
cve@mitre.org | Mariner | CVE-2023-50658 | Unknown
cve@mitre.org | Mariner | CVE-2023-49990 | Unknown
security-advisories@github.com | Mariner | CVE-2023-49083 | Unknown
cve@mitre.org | Mariner | CVE-2023-48795 | Unknown
openssl-security@openssl.org | Mariner | CVE-2023-4807 | Unknown
cve@mitre.org | Mariner | CVE-2023-47234 | Unknown
cve@mitre.org | Mariner | CVE-2023-47090 | Unknown
cve@mitre.org | Mariner | CVE-2023-47235 | Unknown
secalert@redhat.com | Mariner | CVE-2023-4693 | Unknown
security-advisories@github.com | Mariner | CVE-2023-47108 | Unknown
cve@mitre.org | Mariner | CVE-2023-46752 | Unknown
security-advisories@github.com | Mariner | CVE-2023-46129 | Unknown
security-advisories@github.com | Mariner | CVE-2023-46136 | Unknown
security-advisories@github.com | Mariner | CVE-2023-41051 | Unknown
secalert@redhat.com | Mariner | CVE-2023-40661 | Unknown
security@golang.org | Mariner | CVE-2023-3978 | Unknown
secalert@redhat.com | Mariner | CVE-2023-40660 | Unknown
cve@mitre.org | Mariner | CVE-2023-33460 | Unknown
cve-coordination@google.com | Mariner | CVE-2023-33953 | Unknown
security-officer@isc.org | Mariner | CVE-2023-3341 | Unknown
cve-coordination@google.com | Mariner | CVE-2023-32732 | Unknown
cve-coordination@google.com | Mariner | CVE-2023-32731 | Unknown
cve@mitre.org | Mariner | CVE-2022-48579 | Unknown
secalert@redhat.com | Mariner | CVE-2024-3727 | Unknown
security-advisories@github.com | Mariner | CVE-2024-34062 | Unknown
cve@mitre.org | Mariner | CVE-2024-33876 | Unknown
security@apache.org | Mariner | CVE-2021-36374 | Unknown
secalert@redhat.com | Mariner | CVE-2021-3697 | Unknown
cve@mitre.org | Mariner | CVE-2021-37501 | Unknown
cve@mitre.org | Mariner | CVE-2021-33391 | Unknown
securities@openeuler.org | Mariner | CVE-2021-33646 | Unknown
securities@openeuler.org | Mariner | CVE-2021-33644 | Unknown
securities@openeuler.org | Mariner | CVE-2021-33645 | Unknown
vulnreport@tenable.com | Mariner | CVE-2024-4323 | Unknown
securities@openeuler.org | Mariner | CVE-2021-33640 | Unknown
secalert@redhat.com | Mariner | CVE-2020-25657 | Unknown
cve@mitre.org | Mariner | CVE-2020-24370 | Unknown
secalert@redhat.com | Mariner | CVE-2020-27815 | Unknown
cve@mitre.org | Mariner | CVE-2020-28366 | Unknown
secalert_us@oracle.com | Mariner | CVE-2020-2981 | Unknown
security@kubernetes.io | Mariner | CVE-2020-8554 | Unknown
vuln@vdoo.com | Mariner | CVE-2020-27304 | Unknown
cve@mitre.org | Mariner | CVE-2020-22217 | Unknown
cve@mitre.org | Mariner | CVE-2020-13435 | Unknown
cve@mitre.org | Mariner | CVE-2020-13434 | Unknown
secalert_us@oracle.com | Mariner | CVE-2019-2708 | Unknown
secalert_us@oracle.com | Mariner | CVE-2019-3016 | Unknown
security-officer@isc.org | Mariner | CVE-2019-6470 | Unknown
cve@mitre.org | Mariner | CVE-2019-6293 | Unknown
cve@mitre.org | Mariner | CVE-2019-16168 | Unknown
cve@mitre.org | Mariner | CVE-2019-19391 | Unknown
cve@mitre.org | Mariner | CVE-2019-11834 | Unknown
cve@mitre.org | Mariner | CVE-2019-13232 | Unknown
secalert@redhat.com | Mariner | CVE-2021-3696 | Unknown
secalert@redhat.com | Mariner | CVE-2021-3695 | Unknown
cve-coordination@google.com | Mariner | CVE-2022-1941 | Unknown
secalert@redhat.com | Mariner | CVE-2022-0175 | Unknown
secalert@redhat.com | Mariner | CVE-2023-1393 | Unknown
cve@mitre.org | Mariner | CVE-2022-47085 | Unknown
cve@mitre.org | Mariner | CVE-2022-45873 | Unknown
openssl-security@openssl.org | Mariner | CVE-2022-4304 | Unknown
cve@mitre.org | Mariner | CVE-2022-42916 | Unknown
cve@mitre.org | Mariner | CVE-2022-42915 | Unknown
secalert@redhat.com | Mariner | CVE-2022-3854 | Unknown
secalert@redhat.com | Mariner | CVE-2022-3775 | Unknown
secalert@redhat.com | Mariner | CVE-2022-3821 | Unknown
secalert@redhat.com | Mariner | CVE-2022-3857 | Unknown
infosec@edk2.groups.io | Mariner | CVE-2022-36763 | Unknown
cna@vuldb.com | Mariner | CVE-2022-3563 | Unknown
secalert@redhat.com | Mariner | CVE-2022-3650 | Unknown
cve@mitre.org | Mariner | CVE-2019-11835 | Unknown
cve@mitre.org | Mariner | CVE-2022-33064 | Unknown
cve@mitre.org | Mariner | CVE-2022-34038 | Unknown
security@kubernetes.io | Mariner | CVE-2022-3162 | Unknown
security@golang.org | Mariner | CVE-2022-32149 | Unknown
security@golang.org | Mariner | CVE-2022-2879 | Unknown
security@ubuntu.com | Mariner | CVE-2022-28735 | Unknown
security@ubuntu.com | Mariner | CVE-2022-28736 | Unknown
security-advisories@github.com | Mariner | CVE-2022-21698 | Unknown
secalert@redhat.com | Mariner | CVE-2022-2601 | Unknown
security-advisories@github.com | Mariner | CVE-2022-24713 | Unknown
security-advisories@github.com | Mariner | CVE-2022-23639 | Unknown
secalert@redhat.com | Mariner | CVE-2022-0670 | Unknown
openssl-security@openssl.org | Mariner | CVE-2022-1292 | Unknown
secalert@redhat.com | Mariner | CVE-2022-0135 | Unknown
support@hackerone.com | Mariner | CVE-2022-32221 | Unknown
openssl-security@openssl.org | Mariner | CVE-2023-0465 | Unknown
cve@mitre.org | Mariner | CVE-2018-6952 | Unknown
cve@mitre.org | Mariner | CVE-2018-5996 | Unknown
security-advisories@github.com | Mariner | CVE-2024-30261 | Unknown
security@php.net | Mariner | CVE-2024-3096 | Unknown
security-advisories@github.com | Mariner | CVE-2024-30260 | Unknown
security-advisories@github.com | Mariner | CVE-2024-28849 | Unknown
security-advisories@github.com | Mariner | CVE-2024-27289 | Unknown
disclosure@hiddenlayer.com | Mariner | CVE-2024-27318 | Unknown
security@php.net | Mariner | CVE-2024-2756 | Unknown
6f8de1f0-f67e-45a6-b68f-98777fdb759c | Mariner | CVE-2024-27322 | Unknown
disclosure@hiddenlayer.com | Mariner | CVE-2024-27319 | Unknown
openssl-security@openssl.org | Mariner | CVE-2024-2511 | Unknown
secalert@redhat.com | Mariner | CVE-2024-2496 | Unknown
support@hackerone.com | Mariner | CVE-2024-21892 | Unknown
support@hackerone.com | Mariner | CVE-2024-22019 | Unknown
support@hackerone.com | Mariner | CVE-2024-22017 | Unknown
secalert@redhat.com | Mariner | CVE-2024-21885 | Unknown
secalert@redhat.com | Mariner | CVE-2024-0874 | Unknown
secalert@redhat.com | Mariner | CVE-2024-1441 | Unknown
cna@python.org | Mariner | CVE-2024-0450 | Unknown
secalert@redhat.com | Mariner | CVE-2024-1013 | Unknown
zdi-disclosures@trendmicro.com | Mariner | CVE-2023-50229 | Unknown
psirt@us.ibm.com | Mariner | CVE-2023-43040 | Unknown
cve@mitre.org | Mariner | CVE-2023-52890 | Unknown
openssl-security@openssl.org | Mariner | CVE-2023-3446 | Unknown
cve-coordination@google.com | Mariner | CVE-2023-2976 | Unknown
cve@mitre.org | Mariner | CVE-2023-28531 | Unknown
cve@kernel.org | Mariner | CVE-2024-36938 | Unknown
cve@kernel.org | Mariner | CVE-2024-36897 | Unknown
security-advisories@github.com | Mariner | CVE-2024-29041 | Unknown
security-advisories@github.com | Mariner | CVE-2024-35176 | Unknown
security-advisories@github.com | Mariner | CVE-2024-35195 | Unknown
security-advisories@github.com | Mariner | CVE-2024-34069 | Unknown
cve@mitre.org | Mariner | CVE-2018-25032 | Unknown
cve@mitre.org | Mariner | CVE-2018-18384 | Unknown
cve@mitre.org | Mariner | CVE-2018-1000156 | Unknown
secalert@redhat.com | Mariner | CVE-2018-10906 | Unknown
cve@mitre.org | Mariner | CVE-2018-13410 | Unknown
secalert@redhat.com | Mariner | CVE-2018-1129 | Unknown
secalert_us@oracle.com | Mariner | CVE-2017-3614 | Unknown
secalert_us@oracle.com | Mariner | CVE-2017-3615 | Unknown
secalert_us@oracle.com | Mariner | CVE-2017-3617 | Unknown
secalert_us@oracle.com | Mariner | CVE-2017-3613 | Unknown
secalert_us@oracle.com | Mariner | CVE-2017-3616 | Unknown
secalert_us@oracle.com | Mariner | CVE-2017-3611 | Unknown
secalert_us@oracle.com | Mariner | CVE-2017-3609 | Unknown
cve@mitre.org | Mariner | CVE-2018-6951 | Unknown
secalert_us@oracle.com | Mariner | CVE-2017-3607 | Unknown
secalert_us@oracle.com | Mariner | CVE-2017-3608 | Unknown
cve@mitre.org | Mariner | CVE-2016-9844 | Unknown
cve@mitre.org | Mariner | CVE-2017-17969 | Unknown
secalert_us@oracle.com | Mariner | CVE-2017-3606 | Unknown
secalert_us@oracle.com | Mariner | CVE-2017-3605 | Unknown
secalert_us@oracle.com | Mariner | CVE-2017-3604 | Unknown
cve@mitre.org | Mariner | CVE-2015-7697 | Unknown
cve@mitre.org | Mariner | CVE-2016-2781 | Unknown
cve@mitre.org | Mariner | CVE-2016-9296 | Unknown
secalert@redhat.com | Mariner | CVE-2013-2094 | Unknown
security@php.net | Mariner | CVE-2024-4577 | Unknown
secalert@redhat.com | Mariner | CVE-2024-4418 | Unknown
cna@postgresql.org | Mariner | CVE-2024-4317 | Unknown
secalert_us@oracle.com | Mariner | CVE-2017-3610 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25660 | Unknown
securities@openeuler.org | Mariner | CVE-2021-33643 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25662 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26881 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26885 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26882 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26884 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26883 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26898 | Unknown
cve@mitre.org | Mariner | CVE-2024-25580 | Unknown
security-advisories@github.com | Mariner | CVE-2024-21646 | Unknown
support@hackerone.com | Mariner | CVE-2024-21890 | Unknown
support@hackerone.com | Mariner | CVE-2024-21896 | Unknown
support@hackerone.com | Mariner | CVE-2024-21891 | Unknown
security@google.com | Mariner | CVE-2023-6932 | Unknown
secalert@redhat.com | Mariner | CVE-2023-6915 | Unknown
secalert@redhat.com | Mariner | CVE-2024-0690 | Unknown
secalert@redhat.com | Mariner | CVE-2024-0567 | Unknown
secalert@redhat.com | Mariner | CVE-2024-0553 | Unknown
openssl-security@openssl.org | Mariner | CVE-2024-0727 | Unknown
secalert@redhat.com | Mariner | CVE-2024-0607 | Unknown
cve@mitre.org | Mariner | CVE-2023-52429 | Unknown
cve@mitre.org | Mariner | CVE-2023-52425 | Unknown
secalert@redhat.com | Mariner | CVE-2023-5992 | Unknown
secalert@redhat.com | Mariner | CVE-2023-5764 | Unknown
cve@mitre.org | Mariner | CVE-2023-52426 | Unknown
security-officer@isc.org | Mariner | CVE-2023-5679 | Unknown
security-officer@isc.org | Mariner | CVE-2023-5517 | Unknown
openssl-security@openssl.org | Mariner | CVE-2023-5678 | Unknown
secalert@redhat.com | Mariner | CVE-2023-5408 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26907 | Unknown
security@kubernetes.io | Mariner | CVE-2023-5528 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26908 | Unknown
security-advisories@github.com | Mariner | CVE-2024-27308 | Unknown
cve@mitre.org | Mariner | CVE-2024-33874 | Unknown
cve@mitre.org | Mariner | CVE-2024-33877 | Unknown
cve@mitre.org | Mariner | CVE-2024-33873 | Unknown
cve@mitre.org | Mariner | CVE-2024-33875 | Unknown
cve@mitre.org | Mariner | CVE-2024-32623 | Unknown
cve@mitre.org | Mariner | CVE-2024-32621 | Unknown
cve@mitre.org | Mariner | CVE-2024-32622 | Unknown
cve@mitre.org | Mariner | CVE-2024-32616 | Unknown
cve@mitre.org | Mariner | CVE-2024-32619 | Unknown
cve@mitre.org | Mariner | CVE-2024-32620 | Unknown
cve@mitre.org | Mariner | CVE-2024-32618 | Unknown
cve@mitre.org | Mariner | CVE-2024-32615 | Unknown
cve@mitre.org | Mariner | CVE-2024-32605 | Unknown
cve@mitre.org | Mariner | CVE-2024-32607 | Unknown
cve@mitre.org | Mariner | CVE-2024-32487 | Unknown
cve@mitre.org | Mariner | CVE-2024-30203 | Unknown
cve@mitre.org | Mariner | CVE-2024-30202 | Unknown
cve@mitre.org | Mariner | CVE-2024-29162 | Unknown
cve@mitre.org | Mariner | CVE-2024-29164 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25659 | Unknown
cve@mitre.org | Mariner | CVE-2024-29161 | Unknown
cve@mitre.org | Mariner | CVE-2024-28757 | Unknown
cve@mitre.org | Mariner | CVE-2024-29157 | Unknown
security-advisories@github.com | Mariner | CVE-2024-28863 | Unknown
security-advisories@github.com | Mariner | CVE-2024-28182 | Unknown
security@php.net | Mariner | CVE-2024-2757 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-27391 | Unknown
416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Mariner | CVE-2024-26909 | Unknown
secalert@redhat.com | Mariner | CVE-2023-5215 | Unknown
cve@mitre.org | Mariner | CVE-2024-29163 | Unknown
cve@mitre.org | Mariner | CVE-2023-46753 | Unknown
secalert@redhat.com | Mariner | CVE-2023-3750 | Unknown
security-advisories@github.com | Mariner | CVE-2023-37920 | Unknown
cve@mitre.org | Mariner | CVE-2023-31975 | Unknown
support@hackerone.com | Mariner | CVE-2023-28321 | Unknown
support@hackerone.com | Mariner | CVE-2023-28322 | Unknown
support@hackerone.com | Mariner | CVE-2023-27537 | Unknown
support@hackerone.com | Mariner | CVE-2023-27538 | Unknown
cve@mitre.org | Mariner | CVE-2023-26964 | Unknown
security-advisories@github.com | Mariner | CVE-2023-27478 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25674 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25673 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25676 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25675 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25672 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25667 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25665 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25666 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25664 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25669 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25670 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25658 | Unknown
cve@mitre.org | Mariner | CVE-2023-25012 | Unknown
cve-assignments@hackerone.com | Mariner | CVE-2023-23916 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25153 | Unknown
security-advisories@github.com | Mariner | CVE-2023-23931 | Unknown
cve-coordination@google.com | Mariner | CVE-2023-4785 | Unknown
security-advisories@github.com | Mariner | CVE-2023-25668 | Unknown
security-advisories@github.com | Mariner | CVE-2023-37460 | Unknown
cve@mitre.org | Mariner | CVE-2023-34411 | Unknown
secalert@redhat.com | Mariner | CVE-2023-2700 | Unknown
openssl-security@openssl.org | Mariner | CVE-2023-3817 | Unknown
cve@mitre.org | Mariner | CVE-2023-46813 | Unknown
cve@mitre.org | Mariner | CVE-2023-46852 | Unknown
cve@mitre.org | Mariner | CVE-2023-45853 | Unknown
secalert@redhat.com | Mariner | CVE-2023-4535 | Unknown
infosec@edk2.groups.io | Mariner | CVE-2023-45234 | Unknown
cve@mitre.org | Mariner | CVE-2023-36328 | Unknown
infosec@edk2.groups.io | Mariner | CVE-2023-45236 | Unknown
security-advisories@github.com | Mariner | CVE-2023-46118 | Unknown
infosec@edk2.groups.io | Mariner | CVE-2023-45235 | Unknown
secalert@redhat.com | Mariner | CVE-2023-4692 | Unknown
infosec@edk2.groups.io | Mariner | CVE-2023-45233 | Unknown
infosec@edk2.groups.io | Mariner | CVE-2023-45229 | Unknown
infosec@edk2.groups.io | Mariner | CVE-2023-45231 | Unknown
security-officer@isc.org | Mariner | CVE-2023-4408 | Unknown
infosec@edk2.groups.io | Mariner | CVE-2023-45237 | Unknown
infosec@edk2.groups.io | Mariner | CVE-2023-45232 | Unknown
security-advisories@github.com | Mariner | CVE-2023-45142 | Unknown
cve@mitre.org | Mariner | CVE-2023-42282 | Unknown
cve@mitre.org | Mariner | CVE-2023-46853 | Unknown
cve@mitre.org | Mariner | CVE-2023-41913 | Unknown
cve@mitre.org | Mariner | CVE-2023-41361 | Unknown
security@golang.org | Mariner | CVE-2023-39325 | Unknown
cve@mitre.org | Mariner | CVE-2023-38325 | Unknown
cve@mitre.org | Mariner | CVE-2023-38710 | Unknown
cve@mitre.org | Mariner | CVE-2023-38711 | Unknown
infosec@edk2.groups.io | Mariner | CVE-2023-45230 | Unknown
support@hackerone.com | Mariner | CVE-2023-38546 | Unknown
cve@mitre.org | Mariner | CVE-2023-38712 | Unknown
Microsoft | Microsoft Dataverse | CVE-2024-35260 | Microsoft Dataverse Remote Code Execution Vulnerability
Microsoft | Microsoft Dynamics | CVE-2024-35263 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5495 | Chromium: CVE-2024-5495 Use after free in Dawn
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6103 | Chromium: CVE-2024-6103: Use after free in Dawn
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5497 | Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5494 | Chromium: CVE-2024-5494 Use after free in Dawn
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5499 | Chromium: CVE-2024-5499 Out of bounds write in Streams API
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5496 | Chromium: CVE-2024-5496 Use after free in Media Session
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6102 | Chromium: CVE-2024-6102: Out of bounds memory access in Dawn
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6101 | Chromium: CVE-2024-6101: Inappropriate implementation in WebAssembly
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6291 | Chromium: CVE-2024-6291 Use after free in Swiftshader
Microsoft | Microsoft Edge (Chromium-based) | CVE-2024-38093 | Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft | Microsoft Edge (Chromium-based) | CVE-2024-38082 | Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft | Microsoft Edge (Chromium-based) | CVE-2024-30058 | Microsoft Edge (Chromium-based) Spoofing Vulnerability
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6290 | Chromium: CVE-2024-6290 Use after free in Dawn
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6293 | Chromium: CVE-2024-6293 Use after free in Dawn
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6292 | Chromium: CVE-2024-6292 Use after free in Dawn
Adobe | Microsoft Edge (Chromium-based) | CVE-2024-34122 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5846 | Chromium: CVE-2024-5846 Use after free in PDFium
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5498 | Chromium: CVE-2024-5498 Use after free in Presentation API
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5847 | Chromium: CVE-2024-5847 Use after free in PDFium
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-6100 | Chromium: CVE-2024-6100 Type Confusion in V8
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5493 | Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC
Microsoft | Microsoft Edge (Chromium-based) | CVE-2024-38083 | Microsoft Edge (Chromium-based) Spoofing Vulnerability
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5832 | Chromium: CVE-2024-5832 Use after free in Dawn
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5831 | Chromium: CVE-2024-5831 Use after free in Dawn
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5836 | Chromium: CVE-2024-5836 Inappropriate Implementation in DevTools
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5839 | Chromium: CVE-2024-5839 Inappropriate Implementation in Memory Allocator
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5833 | Chromium: CVE-2024-5833 Type Confusion in V8
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5844 | Chromium: CVE-2024-5844 Heap buffer overflow in Tab Strip
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5840 | Chromium: CVE-2024-5840 Policy Bypass in CORS
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5843 | Chromium: CVE-2024-5843 Inappropriate implementation in Downloads
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5830 | Chromium: CVE-2024-5830 Type Confusion in V8
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5837 | Chromium: CVE-2024-5837 Type Confusion in V8
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5834 | Chromium: CVE-2024-5834 Inappropriate implementation in Dawn
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5838 | Chromium: CVE-2024-5838 Type Confusion in V8
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5835 | Chromium: CVE-2024-5835 Heap buffer overflow in Tab Groups
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5841 | Chromium: CVE-2024-5841 Use after free in V8
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5845 | Chromium: CVE-2024-5845 Use after free in Audio
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-5842 | Chromium: CVE-2024-5842 Use after free in Browser UI
Microsoft | Microsoft Edge for iOS | CVE-2024-30057 | Microsoft Edge for iOS Spoofing Vulnerability
Microsoft | Microsoft Office | CVE-2024-30101 | Microsoft Office Remote Code Execution Vulnerability
Microsoft | Microsoft Office | CVE-2024-30104 | Microsoft Office Remote Code Execution Vulnerability
Microsoft | Microsoft Office Outlook | CVE-2024-30103 | Microsoft Outlook Remote Code Execution Vulnerability
Microsoft | Microsoft Office SharePoint | CVE-2024-30100 | Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft | Microsoft Office Word | CVE-2024-30102 | Microsoft Office Remote Code Execution Vulnerability
Microsoft | Microsoft Streaming Service | CVE-2024-30090 | Microsoft Streaming Service Elevation of Privilege Vulnerability
Microsoft | Microsoft Streaming Service | CVE-2024-30089 | Microsoft Streaming Service Elevation of Privilege Vulnerability
Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-30077 | Windows OLE Remote Code Execution Vulnerability
MITRE Corporation | Microsoft Windows | CVE-2023-50868 | MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU
Microsoft | Microsoft Windows Speech | CVE-2024-30097 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
HackerOne | Open Source Software | CVE-2022-43552 | Open Source Curl Remote Code Execution Vulnerability
Microsoft | Visual Studio | CVE-2024-29060 | Visual Studio Elevation of Privilege Vulnerability
GitHub | Visual Studio | CVE-2024-29187 | GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
Microsoft | Visual Studio | CVE-2024-30052 | Visual Studio Remote Code Execution Vulnerability
Microsoft | Windows Cloud Files Mini Filter Driver | CVE-2024-30085 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft | Windows Container Manager Service | CVE-2024-30076 | Windows Container Manager Service Elevation of Privilege Vulnerability
Microsoft | Windows Cryptographic Services | CVE-2024-30096 | Windows Cryptographic Services Information Disclosure Vulnerability
Microsoft | Windows DHCP Server | CVE-2024-30070 | DHCP Server Service Denial of Service Vulnerability
Microsoft | Windows Distributed File System (DFS) | CVE-2024-30063 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability
Microsoft | Windows Event Logging Service | CVE-2024-30072 | Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability
Microsoft | Windows Kernel | CVE-2024-30064 | Windows Kernel Elevation of Privilege Vulnerability
Microsoft | Windows Kernel | CVE-2024-30068 | Windows Kernel Elevation of Privilege Vulnerability
Microsoft | Windows Kernel-Mode Drivers | CVE-2024-30084 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Microsoft | Windows Kernel-Mode Drivers | CVE-2024-35250 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Microsoft | Windows Link Layer Topology Discovery Protocol | CVE-2024-30074 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
Microsoft | Windows Link Layer Topology Discovery Protocol | CVE-2024-30075 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
Microsoft | Windows NT OS Kernel | CVE-2024-30088 | Windows Kernel Elevation of Privilege Vulnerability
Microsoft | Windows NT OS Kernel | CVE-2024-30099 | Windows Kernel Elevation of Privilege Vulnerability
Microsoft | Windows Perception Service | CVE-2024-35265 | Windows Perception Service Elevation of Privilege Vulnerability
Microsoft | Windows Remote Access Connection Manager | CVE-2024-30069 | Windows Remote Access Connection Manager Information Disclosure Vulnerability
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-30095 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Microsoft | Windows Routing and Remote Access Service (RRAS) | CVE-2024-30094 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Microsoft | Windows Server Service | CVE-2024-30080 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
MicrosoftWindows Server Service CVE-2024-30062 Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability
MicrosoftWindows Standards-Based Storage Management Service CVE-2024-30083 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
MicrosoftWindows Storage CVE-2024-30093 Windows Storage Elevation of Privilege Vulnerability
MicrosoftWindows Themes CVE-2024-30065 Windows Themes Denial of Service Vulnerability
MicrosoftWindows Wi-Fi Driver CVE-2024-30078 Windows Wi-Fi Driver Remote Code Execution Vulnerability
MicrosoftWindows Win32 Kernel Subsystem CVE-2024-30086 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
MicrosoftWindows Win32K - GRFX CVE-2024-30087 Win32k Elevation of Privilege Vulnerability
MicrosoftWindows Win32K - GRFX CVE-2024-30091 Win32k Elevation of Privilege Vulnerability
MicrosoftWindows Win32K - GRFX CVE-2024-30082 Win32k Elevation of Privilege Vulnerability
MicrosoftWinlogon CVE-2024-30067 Winlogon Elevation of Privilege Vulnerability
MicrosoftWinlogon CVE-2024-30066 Winlogon Elevation of Privilege Vulnerability

CVE-2024-1298 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-1298
MITRE
NVD

Issuing CNA: infosec@edk2.groups.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6/TemporalScore:6
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/05/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-1298
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM hvloader (CBL-Mariner) Unknown Unknown None Base: 6
Temporal: 6
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
1.0.1-3 Unknown None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner) Unknown Unknown None Base: 6
Temporal: 6
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
1.0.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-1298 None

CVE-2024-36897 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-36897
MITRE
NVD

Issuing CNA: cve@kernel.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-36897
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.158.2-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.158.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-36897 None

CVE-2024-36938 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-36938
MITRE
NVD

Issuing CNA: cve@kernel.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-36938
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.158.2-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.158.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-36938 None

CVE-2023-28531 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-28531
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/24/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-28531
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 1.0 ARM openssh (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9p1-2 Unknown None
CBL Mariner 1.0 x64 openssh (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9p1-2 Unknown None
CBL Mariner 2.0 ARM openssh (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9p1-5 Unknown None
CBL Mariner 2.0 x64 openssh (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9p1-5 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-28531 None

CVE-2023-2976 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-2976
MITRE
NVD

Issuing CNA: cve-coordination@google.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.1/TemporalScore:7.1
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-2976
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM guava (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
25.0-8 Unknown None
CBL Mariner 2.0 x64 guava (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
25.0-8 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-2976 None

CVE-2023-3446 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-3446
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-3446
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM openssl (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1.1.1k-28 Unknown None
CBL Mariner 2.0 x64 openssl (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1.1.1k-28 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-3446 None

CVE-2023-52890 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-52890
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-52890
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM ntfs-3g (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2022.10.3-2 Unknown None
CBL Mariner 2.0 x64 ntfs-3g (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2022.10.3-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-52890 None

CVE-2023-43040 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-43040
MITRE
NVD

Issuing CNA: psirt@us.ibm.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-43040
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
16.2.10-4 Unknown None
CBL Mariner 2.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
16.2.10-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-43040 None

CVE-2023-50229 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-50229
MITRE
NVD

Issuing CNA: zdi-disclosures@trendmicro.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.1/TemporalScore:7.1
Base score metrics
Attack Vector: Adjacent
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/03/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-50229
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM bluez (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.63-5 Unknown None
Azure Linux 3.0 x64 bluez (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.63-5 Unknown None
CBL Mariner 2.0 ARM bluez (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.63-6 Unknown None
CBL Mariner 2.0 x64 bluez (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.63-6 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-50229 None

CVE-2024-1013 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-1013
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.1/TemporalScore:7.1
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-1013
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM unixODBC (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
2.3.12-2 Unknown None
Azure Linux 3.0 x64 unixODBC (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
2.3.12-2 Unknown None
CBL Mariner 2.0 ARM unixODBC (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
2.3.9-3 Unknown None
CBL Mariner 2.0 x64 unixODBC (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
2.3.9-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-1013 None

CVE-2024-0450 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-0450
MITRE
NVD

Issuing CNA: cna@python.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.2/TemporalScore:6.2
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-0450
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM python3 (CBL-Mariner) Unknown Unknown None Base: 6.2
Temporal: 6.2
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.9.19-1 Unknown None
CBL Mariner 2.0 x64 python3 (CBL-Mariner) Unknown Unknown None Base: 6.2
Temporal: 6.2
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.9.19-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-0450 None

CVE-2024-1441 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-1441
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-1441
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM libvirt (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.10.0-8 Unknown None
CBL Mariner 2.0 x64 libvirt (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.10.0-8 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-1441 None

CVE-2024-0874 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-0874
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/03/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-0874
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM coredns (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1.11.1-8 Unknown None
CBL Mariner 2.0 x64 coredns (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1.11.1-8 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-0874 None

CVE-2024-21885 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-21885
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-21885
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM xorg-x11-server (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.20.10-10 Unknown None
CBL Mariner 2.0 x64 xorg-x11-server (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.20.10-10 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-21885 None

CVE-2024-22017 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-22017
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.3/TemporalScore:7.3
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: High
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/19/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-22017
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libuv (CBL-Mariner)
nodejs (CBL-Mariner)
Unknown Unknown Base: 7.3
Temporal: 7.3
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
1.48.0-1
20.14.0-1
None
Azure Linux 3.0 x64 libuv (CBL-Mariner)
nodejs (CBL-Mariner)
Unknown Unknown Base: 7.3
Temporal: 7.3
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
1.48.0-1
20.14.0-1
None
CBL Mariner 2.0 ARM nodejs18 (CBL-Mariner) Unknown Unknown None Base: 7.3
Temporal: 7.3
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
18.20.2-1 Unknown None
CBL Mariner 2.0 x64 nodejs18 (CBL-Mariner) Unknown Unknown None Base: 7.3
Temporal: 7.3
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
18.20.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-22017 None

CVE-2024-22019 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-22019
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/26/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-22019
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20.14.0-1 Unknown None
CBL Mariner 2.0 ARM nodejs18 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18.20.2-1 Unknown None
CBL Mariner 2.0 x64 nodejs18 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18.20.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-22019 None

CVE-2024-21892 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-21892
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/26/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-21892
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
20.14.0-1 Unknown None
CBL Mariner 2.0 ARM nodejs18 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
18.20.2-1 Unknown None
CBL Mariner 2.0 x64 nodejs18 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
18.20.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-21892 None

CVE-2024-2496 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-2496
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5/TemporalScore:5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-2496
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM libvirt (CBL-Mariner) Unknown Unknown None Base: 5
Temporal: 5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
7.10.0-8 Unknown None
CBL Mariner 2.0 x64 libvirt (CBL-Mariner) Unknown Unknown None Base: 5
Temporal: 5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
7.10.0-8 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-2496 None

CVE-2024-2511 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-2511
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/15/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-2511
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
20.14.0-1
3.3.0-1
None
Azure Linux 3.0 x64 nodejs (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
20.14.0-1
3.3.0-1
None
CBL Mariner 2.0 ARM nodejs18 (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
18.20.2-1
1.1.1k-30
None
CBL Mariner 2.0 x64 nodejs18 (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
18.20.2-1
1.1.1k-30
None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-2511 None

CVE-2024-27319 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27319
MITRE
NVD

Issuing CNA: disclosure@hiddenlayer.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:4.4/TemporalScore:4.4
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/26/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27319
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM pytorch (CBL-Mariner) Unknown Unknown None Base: 4.4
Temporal: 4.4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
2.0.0-4 Unknown None
CBL Mariner 2.0 x64 pytorch (CBL-Mariner) Unknown Unknown None Base: 4.4
Temporal: 4.4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
2.0.0-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27319 None

CVE-2024-27322 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27322
MITRE
NVD

Issuing CNA: 6f8de1f0-f67e-45a6-b68f-98777fdb759c

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27322
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM R (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.1.0-5 Unknown None
CBL Mariner 2.0 x64 R (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.1.0-5 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27322 None

CVE-2024-2756 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-2756
MITRE
NVD

Issuing CNA: security@php.net

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/29/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-2756
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM php (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
8.1.28-1 Unknown None
CBL Mariner 2.0 x64 php (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
8.1.28-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-2756 None

CVE-2024-27318 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27318
MITRE
NVD

Issuing CNA: disclosure@hiddenlayer.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/26/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27318
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM pytorch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2.0.0-6 Unknown None
CBL Mariner 2.0 x64 pytorch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2.0.0-6 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27318 None

CVE-2024-27289 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27289
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.1/TemporalScore:8.1
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/11/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27289
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM telegraf (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1.31.0-1 Unknown None
Azure Linux 3.0 x64 telegraf (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1.31.0-1 Unknown None
CBL Mariner 2.0 ARM telegraf (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1.29.4-4 Unknown None
CBL Mariner 2.0 x64 telegraf (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1.29.4-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27289 None

CVE-2024-28849 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-28849
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/25/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-28849
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM reaper (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.1.1-9 Unknown None
CBL Mariner 2.0 x64 reaper (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.1.1-9 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-28849 None

CVE-2024-30260 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30260
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:3.9/TemporalScore:3.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/15/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30260
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: 3.9
Temporal: 3.9
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: 3.9
Temporal: 3.9
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
20.14.0-1 Unknown None
CBL Mariner 2.0 ARM nodejs18 (CBL-Mariner) Unknown Unknown None Base: 3.9
Temporal: 3.9
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
18.20.2-1 Unknown None
CBL Mariner 2.0 x64 nodejs18 (CBL-Mariner) Unknown Unknown None Base: 3.9
Temporal: 3.9
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
18.20.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30260 None

CVE-2024-3096 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-3096
MITRE
NVD

Issuing CNA: security@php.net

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/29/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-3096
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM php (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
8.3.4-1 Unknown None
Azure Linux 3.0 x64 php (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
8.3.4-1 Unknown None
CBL Mariner 2.0 ARM php (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
8.1.28-1 Unknown None
CBL Mariner 2.0 x64 php (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
8.1.28-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-3096 None

CVE-2024-30261 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30261
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:2.6/TemporalScore:2.6
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/15/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30261
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: 2.6
Temporal: 2.6
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: 2.6
Temporal: 2.6
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
20.14.0-1 Unknown None
CBL Mariner 2.0 ARM nodejs18 (CBL-Mariner) Unknown Unknown None Base: 2.6
Temporal: 2.6
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
18.20.2-1 Unknown None
CBL Mariner 2.0 x64 nodejs18 (CBL-Mariner) Unknown Unknown None Base: 2.6
Temporal: 2.6
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
18.20.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30261 None

CVE-2024-29041 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-29041
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.1/TemporalScore:6.1
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/01/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-29041
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM reaper (CBL-Mariner) Unknown Unknown None Base: 6.1
Temporal: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3.1.1-9 Unknown None
CBL Mariner 2.0 x64 reaper (CBL-Mariner) Unknown Unknown None Base: 6.1
Temporal: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3.1.1-9 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-29041 None

CVE-2024-35176 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-35176
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/19/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-35176
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM rubygem-rexml (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.2.8-1 Unknown None
Azure Linux 3.0 x64 rubygem-rexml (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.2.8-1 Unknown None
CBL Mariner 2.0 ARM ruby (CBL-Mariner)
rubygem-rexml (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.1.4-6
3.2.7-1
None
CBL Mariner 2.0 x64 ruby (CBL-Mariner)
rubygem-rexml (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.1.4-6
3.2.7-1
None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-35176 None

CVE-2024-35195 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-35195
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.6/TemporalScore:5.6
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/23/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-35195
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM python-requests (CBL-Mariner) Unknown Unknown None Base: 5.6
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
2.27.1-7 Unknown None
CBL Mariner 2.0 x64 python-requests (CBL-Mariner) Unknown Unknown None Base: 5.6
Temporal: 5.6
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
2.27.1-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-35195 None

CVE-2024-34069 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-34069
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/13/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-34069
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM python-werkzeug (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
3.0.3-1 Unknown None
Azure Linux 3.0 x64 python-werkzeug (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
3.0.3-1 Unknown None
CBL Mariner 2.0 ARM python-werkzeug (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
2.3.7-2 Unknown None
CBL Mariner 2.0 x64 python-werkzeug (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
2.3.7-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-34069 None

CVE-2024-4317 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-4317
MITRE
NVD

Issuing CNA: cna@postgresql.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:3.1/TemporalScore:3.1
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-4317
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM postgresql (CBL-Mariner) Unknown Unknown None Base: 3.1
Temporal: 3.1
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
16.3-1 Unknown None
Azure Linux 3.0 x64 postgresql (CBL-Mariner) Unknown Unknown None Base: 3.1
Temporal: 3.1
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
16.3-1 Unknown None
CBL Mariner 2.0 ARM postgresql (CBL-Mariner) Unknown Unknown None Base: 3.1
Temporal: 3.1
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
14.12-1 Unknown None
CBL Mariner 2.0 x64 postgresql (CBL-Mariner) Unknown Unknown None Base: 3.1
Temporal: 3.1
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
14.12-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-4317 None

CVE-2024-4418 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-4418
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.2/TemporalScore:6.2
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/13/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-4418
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM libvirt (CBL-Mariner) Unknown Unknown None Base: 6.2
Temporal: 6.2
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.10.0-10 Unknown None
CBL Mariner 2.0 x64 libvirt (CBL-Mariner) Unknown Unknown None Base: 6.2
Temporal: 6.2
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.10.0-10 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-4418 None

CVE-2024-4577 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-4577
MITRE
NVD

Issuing CNA: security@php.net

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-4577
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM php (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3.8-1 Unknown None
Azure Linux 3.0 x64 php (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3.8-1 Unknown None
CBL Mariner 2.0 ARM php (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1.29-1 Unknown None
CBL Mariner 2.0 x64 php (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1.29-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-4577 None

CVE-2013-2094 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2013-2094
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/16/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2013-2094
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.22.1-2 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.22.1-2 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
5.15.153.1-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
5.15.153.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2013-2094 None

CVE-2016-9296 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2016-9296
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/16/2021    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2016-9296
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM p7zip (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16.02-23 Unknown None
Azure Linux 3.0 x64 p7zip (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16.02-23 Unknown None
CBL Mariner 1.0 ARM Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Unknown Unknown None
CBL Mariner 1.0 x64 Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Unknown Unknown None
CBL Mariner 2.0 ARM p7zip (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16.02-22 Unknown None
CBL Mariner 2.0 x64 p7zip (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16.02-22 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2016-9296 None

CVE-2016-2781 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2016-2781
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09/25/2020    

Information published.


2.0    12/16/2021    

Added coreutils to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2016-2781
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM coreutils (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
9.4-1 Unknown None
Azure Linux 3.0 x64 coreutils (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
9.4-1 Unknown None
CBL Mariner 1.0 ARM coreutils (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
8.30-7 Unknown None
CBL Mariner 1.0 x64 coreutils (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
8.30-7 Unknown None
CBL Mariner 2.0 ARM coreutils (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
8.32-1 Unknown None
CBL Mariner 2.0 x64 coreutils (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
8.32-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2016-2781 None

CVE-2015-7697 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2015-7697
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added unzip to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2015-7697
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-20 Unknown None
Azure Linux 3.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-20 Unknown None
CBL Mariner 1.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-15 Unknown None
CBL Mariner 1.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-15 Unknown None
CBL Mariner 2.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-19 Unknown None
CBL Mariner 2.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-19 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2015-7697 None

CVE-2017-3604 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-3604
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-3604
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-3604 None

CVE-2017-3605 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-3605
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-3605
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-3605 None

CVE-2017-3606 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-3606
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-3606
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-3606 None

CVE-2017-17969 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-17969
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/16/2021    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-17969
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM p7zip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
16.02-23 Unknown None
Azure Linux 3.0 x64 p7zip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
16.02-23 Unknown None
CBL Mariner 1.0 ARM Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Unknown Unknown None
CBL Mariner 1.0 x64 Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Unknown Unknown None
CBL Mariner 2.0 ARM p7zip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
16.02-22 Unknown None
CBL Mariner 2.0 x64 p7zip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
16.02-22 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-17969 None

CVE-2016-9844 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2016-9844
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:4/TemporalScore:4
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added unzip to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2016-9844
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 4
Temporal: 4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.0-20 Unknown None
Azure Linux 3.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 4
Temporal: 4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.0-20 Unknown None
CBL Mariner 1.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 4
Temporal: 4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.0-15 Unknown None
CBL Mariner 1.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 4
Temporal: 4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.0-15 Unknown None
CBL Mariner 2.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 4
Temporal: 4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.0-19 Unknown None
CBL Mariner 2.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 4
Temporal: 4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.0-19 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2016-9844 None

CVE-2017-3608 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-3608
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-3608
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-3608 None

CVE-2017-3610 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-3610
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-3610
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-3610 None

CVE-2017-3607 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-3607
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-3607
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-3607 None

CVE-2017-3609 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-3609
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-3609
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-3609 None

CVE-2017-3611 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-3611
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-3611
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-3611 None

CVE-2017-3616 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-3616
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-3616
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-3616 None

CVE-2017-3613 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-3613
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-3613
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-3613 None

CVE-2017-3617 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-3617
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-3617
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-3617 None

CVE-2017-3615 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-3615
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-3615
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-3615 None

CVE-2017-3614 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-3614
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-3614
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-3614 None

CVE-2018-1129 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-1129
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 6.5 / Temporal Score: 6.5
Base score metrics
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-1129
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-1129 None

CVE-2018-13410 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-13410
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 9.8 / Temporal Score: 9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added zip to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-13410
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM zip (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.0-6 Unknown None
Azure Linux 3.0 x64 zip (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.0-6 Unknown None
CBL Mariner 1.0 ARM zip (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.0-5 Unknown None
CBL Mariner 1.0 x64 zip (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.0-5 Unknown None
CBL Mariner 2.0 ARM zip (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.0-5 Unknown None
CBL Mariner 2.0 x64 zip (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.0-5 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-13410 None

CVE-2018-10906 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-10906
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added fuse to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-10906
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM fuse (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.9.7-10 Unknown None
Azure Linux 3.0 x64 fuse (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.9.7-10 Unknown None
CBL Mariner 1.0 ARM fuse (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.9.7-7 Unknown None
CBL Mariner 1.0 x64 fuse (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.9.7-7 Unknown None
CBL Mariner 2.0 ARM fuse (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.9.7-10 Unknown None
CBL Mariner 2.0 x64 fuse (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.9.7-10 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-10906 None

CVE-2018-1000156 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-1000156
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added patch to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-1000156
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-9 Unknown None
Azure Linux 3.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-9 Unknown None
CBL Mariner 1.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-7 Unknown None
CBL Mariner 1.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-7 Unknown None
CBL Mariner 2.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-7 Unknown None
CBL Mariner 2.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-1000156 None

CVE-2018-18384 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-18384
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added unzip to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-18384
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.0-20 Unknown None
Azure Linux 3.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.0-20 Unknown None
CBL Mariner 1.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.0-15 Unknown None
CBL Mariner 1.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.0-15 Unknown None
CBL Mariner 2.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.0-19 Unknown None
CBL Mariner 2.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.0-19 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-18384 None

CVE-2018-25032 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-25032
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/31/2022    

Information published.


2.0    09/17/2022    

Added mariadb to CBL-Mariner 1.0 Added python3 to CBL-Mariner 1.0


3.0    04/17/2023    

Added tcl to CBL-Mariner 1.0


4.0    04/18/2023    

Added boost to CBL-Mariner 2.0


5.0    04/19/2023    

Added nmap to CBL-Mariner 2.0 Added tcl to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-25032
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
grpc (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.28.2-1
1.62.0-2
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
grpc (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.28.2-1
1.62.0-2
None
CBL Mariner 1.0 ARM boost (CBL-Mariner)
erlang (CBL-Mariner)
mariadb (CBL-Mariner)
nmap (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.66.0-4
24.2-2
10.3.36-1
7.90-4
None
CBL Mariner 1.0 x64 boost (CBL-Mariner)
erlang (CBL-Mariner)
mariadb (CBL-Mariner)
nmap (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.66.0-4
24.2-2
10.3.36-1
7.90-4
None
CBL Mariner 2.0 ARM boost (CBL-Mariner)
nmap (CBL-Mariner)
qt5-qtbase (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.76.0-3
7.93-1
5.15.9-1
1.72.0-2
None
CBL Mariner 2.0 x64 boost (CBL-Mariner)
nmap (CBL-Mariner)
qt5-qtbase (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.76.0-3
7.93-1
5.15.9-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-25032 None

CVE-2018-5996 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-5996
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/16/2021    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-5996
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM p7zip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
16.02-23 Unknown None
Azure Linux 3.0 x64 p7zip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
16.02-23 Unknown None
CBL Mariner 1.0 ARM Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Unknown Unknown None
CBL Mariner 1.0 x64 Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Unknown Unknown None
CBL Mariner 2.0 ARM p7zip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
16.02-22 Unknown None
CBL Mariner 2.0 x64 p7zip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
16.02-22 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-5996 None

CVE-2018-6951 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-6951
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added patch to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-6951
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.7.6-9 Unknown None
Azure Linux 3.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.7.6-9 Unknown None
CBL Mariner 1.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.7.6-7 Unknown None
CBL Mariner 1.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.7.6-7 Unknown None
CBL Mariner 2.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.7.6-7 Unknown None
CBL Mariner 2.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.7.6-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-6951 None

CVE-2018-6952 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-6952
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added patch to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-6952
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.7.6-9 Unknown None
Azure Linux 3.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.7.6-9 Unknown None
CBL Mariner 1.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.7.6-7 Unknown None
CBL Mariner 1.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.7.6-7 Unknown None
CBL Mariner 2.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.7.6-7 Unknown None
CBL Mariner 2.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.7.6-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-6952 None

CVE-2019-11835 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-11835
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 9.8 / Temporal Score: 9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-11835
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libglvnd (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.7.0-2 Unknown None
Azure Linux 3.0 x64 libglvnd (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.7.0-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-11835 None

CVE-2019-13232 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-13232
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 3.3 / Temporal Score: 3.3
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added unzip to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-13232
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.0-20 Unknown None
Azure Linux 3.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.0-20 Unknown None
CBL Mariner 1.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.0-18 Unknown None
CBL Mariner 1.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.0-18 Unknown None
CBL Mariner 2.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.0-19 Unknown None
CBL Mariner 2.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.0-19 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-13232 None

CVE-2019-11834 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-11834
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 9.8 / Temporal Score: 9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-11834
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libglvnd (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.7.0-2 Unknown None
Azure Linux 3.0 x64 libglvnd (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.7.0-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-11834 None

CVE-2019-19391 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-19391
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 9.1 / Temporal Score: 9.1
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-19391
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM sysbench (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1.0.20-3 Unknown None
Azure Linux 3.0 x64 sysbench (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1.0.20-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-19391 None

CVE-2019-16168 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-16168
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 6.5 / Temporal Score: 6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-16168
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-16168 None

CVE-2019-6293 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-6293
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added flex to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-6293
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM flex (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.6.4-7 Unknown None
Azure Linux 3.0 x64 flex (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.6.4-7 Unknown None
CBL Mariner 1.0 ARM flex (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.6.4-6 Unknown None
CBL Mariner 1.0 x64 flex (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.6.4-6 Unknown None
CBL Mariner 2.0 ARM flex (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.6.4-7 Unknown None
CBL Mariner 2.0 x64 flex (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.6.4-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-6293 None

CVE-2019-6470 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-6470
MITRE
NVD

Issuing CNA: security-officer@isc.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09/25/2020    

Information published.


2.0    12/16/2021    

Added bind to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-6470
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.16.44-2 Unknown None
Azure Linux 3.0 x64 bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.16.44-2 Unknown None
CBL Mariner 1.0 ARM bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.16.15-1 Unknown None
CBL Mariner 1.0 x64 bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.16.15-1 Unknown None
CBL Mariner 2.0 ARM bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.16.15-3 Unknown None
CBL Mariner 2.0 x64 bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.16.15-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-6470 None

CVE-2019-3016 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-3016
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09/25/2020    

Information published.


2.0    12/16/2021    

Added kernel to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-3016
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.6.29.1-4 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.6.29.1-4 Unknown None
CBL Mariner 1.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.10.60.1-1 Unknown None
CBL Mariner 1.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.10.60.1-1 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.10.78.1-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.10.78.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-3016 None

CVE-2019-2708 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-2708
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:3.3/TemporalScore:3.3
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-2708
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
5.3.28-6 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
5.3.28-6 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-2708 None

CVE-2020-13434 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-13434
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-13434
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-13434 None

CVE-2020-13435 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-13435
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-13435
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-13435 None

CVE-2020-22217 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-22217
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09/04/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-22217
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grpc (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1.62.0-2 Unknown None
Azure Linux 3.0 x64 grpc (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1.62.0-2 Unknown None
CBL Mariner 2.0 ARM python-gevent (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
21.1.2-1 Unknown None
CBL Mariner 2.0 x64 python-gevent (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
21.1.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-22217 None

CVE-2020-27304 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-27304
MITRE
NVD

Issuing CNA: vuln@vdoo.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-27304
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-27304 None

CVE-2020-8554 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-8554
MITRE
NVD

Issuing CNA: security@kubernetes.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5/TemporalScore:5
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/01/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-8554
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kubernetes (CBL-Mariner) Unknown Unknown None Base: 5
Temporal: 5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1.28.3-2 Unknown None
Azure Linux 3.0 x64 kubernetes (CBL-Mariner) Unknown Unknown None Base: 5
Temporal: 5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1.28.3-2 Unknown None
CBL Mariner 2.0 ARM kubernetes (CBL-Mariner) Unknown Unknown None Base: 5
Temporal: 5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1.28.3-1 Unknown None
CBL Mariner 2.0 x64 kubernetes (CBL-Mariner) Unknown Unknown None Base: 5
Temporal: 5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1.28.3-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-8554 None

CVE-2020-2981 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-2981
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-2981
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-2981 None

CVE-2020-28366 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-28366
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/19/2020    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-28366
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM python-tensorboard (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
2.16.2-1 Unknown None
Azure Linux 3.0 x64 python-tensorboard (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
2.16.2-1 Unknown None
CBL Mariner 1.0 ARM golang (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1.15.13-1 Unknown None
CBL Mariner 1.0 x64 golang (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1.15.13-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-28366 None

CVE-2020-27815 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-27815
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/11/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-27815
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-4 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-4 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5.15.135.1-2 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5.15.135.1-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-27815 None

CVE-2020-24370 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-24370
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-24370
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM lua (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.4.6-1 Unknown None
Azure Linux 3.0 x64 lua (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.4.6-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-24370 None

CVE-2020-25657 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-25657
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/14/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-25657
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM m2crypto (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
0.38.0-3 Unknown None
Azure Linux 3.0 x64 m2crypto (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
0.38.0-3 Unknown None
CBL Mariner 2.0 ARM m2crypto (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
0.38.0-3 Unknown None
CBL Mariner 2.0 x64 m2crypto (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
0.38.0-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-25657 None

CVE-2021-33640 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33640
MITRE
NVD

Issuing CNA: securities@openeuler.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/12/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33640
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.2.20-11 Unknown None
Azure Linux 3.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.2.20-11 Unknown None
CBL Mariner 1.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.2.20-11 Unknown None
CBL Mariner 1.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.2.20-11 Unknown None
CBL Mariner 2.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.2.20-11 Unknown None
CBL Mariner 2.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.2.20-11 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33640 None

CVE-2021-33643 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33643
MITRE
NVD

Issuing CNA: securities@openeuler.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.1/TemporalScore:9.1
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/16/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33643
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1.2.20-11 Unknown None
Azure Linux 3.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1.2.20-11 Unknown None
CBL Mariner 1.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1.2.20-10 Unknown None
CBL Mariner 1.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1.2.20-10 Unknown None
CBL Mariner 2.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1.2.20-10 Unknown None
CBL Mariner 2.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1.2.20-10 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33643 None

CVE-2021-33645 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33645
MITRE
NVD

Issuing CNA: securities@openeuler.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/16/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33645
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2.20-11 Unknown None
Azure Linux 3.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2.20-11 Unknown None
CBL Mariner 1.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2.20-10 Unknown None
CBL Mariner 1.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2.20-10 Unknown None
CBL Mariner 2.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2.20-10 Unknown None
CBL Mariner 2.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2.20-10 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33645 None

CVE-2021-33644 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33644
MITRE
NVD

Issuing CNA: securities@openeuler.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.1/TemporalScore:8.1
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/16/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33644
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1.2.20-11 Unknown None
Azure Linux 3.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1.2.20-11 Unknown None
CBL Mariner 1.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1.2.20-10 Unknown None
CBL Mariner 1.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1.2.20-10 Unknown None
CBL Mariner 2.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1.2.20-10 Unknown None
CBL Mariner 2.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1.2.20-10 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33644 None

CVE-2021-33646 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33646
MITRE
NVD

Issuing CNA: securities@openeuler.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/16/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33646
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2.20-11 Unknown None
Azure Linux 3.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2.20-11 Unknown None
CBL Mariner 1.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2.20-10 Unknown None
CBL Mariner 1.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2.20-10 Unknown None
CBL Mariner 2.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2.20-10 Unknown None
CBL Mariner 2.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2.20-10 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33646 None

CVE-2021-33391 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33391
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/27/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33391
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tidy (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.8.0-6 Unknown None
Azure Linux 3.0 x64 tidy (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.8.0-6 Unknown None
CBL Mariner 2.0 ARM tidy (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.8.0-6 Unknown None
CBL Mariner 2.0 x64 tidy (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.8.0-6 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33391 None

CVE-2021-37501 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-37501
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/14/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-37501
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.12.1-13 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.12.1-13 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.12.1-13 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.12.1-13 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-37501 None

CVE-2021-3697 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-3697
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/05/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-3697
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-14 Unknown None
Azure Linux 3.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-14 Unknown None
CBL Mariner 2.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-12 Unknown None
CBL Mariner 2.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-12 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-3697 None

CVE-2021-36374 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36374
MITRE
NVD

Issuing CNA: security@apache.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/17/2021    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36374
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM javapackages-bootstrap (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.14.0-2 Unknown None
Azure Linux 3.0 x64 javapackages-bootstrap (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.14.0-2 Unknown None
CBL Mariner 1.0 ARM ant (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.10.11-1 Unknown None
CBL Mariner 1.0 x64 ant (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.10.11-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36374 None

CVE-2021-3696 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-3696
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:4.5/TemporalScore:4.5
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/05/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-3696
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 4.5
Temporal: 4.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2.06-14 Unknown None
Azure Linux 3.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 4.5
Temporal: 4.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2.06-14 Unknown None
CBL Mariner 2.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 4.5
Temporal: 4.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2.06-12 Unknown None
CBL Mariner 2.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 4.5
Temporal: 4.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2.06-12 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-3696 None

CVE-2021-3695 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-3695
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:4.5/TemporalScore:4.5
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/05/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-3695
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 4.5
Temporal: 4.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2.06-14 Unknown None
Azure Linux 3.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 4.5
Temporal: 4.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2.06-14 Unknown None
CBL Mariner 2.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 4.5
Temporal: 4.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2.06-12 Unknown None
CBL Mariner 2.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 4.5
Temporal: 4.5
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2.06-12 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-3695 None

CVE-2022-1941 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-1941
MITRE
NVD

Issuing CNA: cve-coordination@google.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-1941
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grpc (CBL-Mariner)
keras (CBL-Mariner)
protobuf (CBL-Mariner)
python-tensorboard (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.62.0-2
3.1.1-1
25.3-1
2.16.2-1
None
Azure Linux 3.0 x64 grpc (CBL-Mariner)
keras (CBL-Mariner)
protobuf (CBL-Mariner)
python-tensorboard (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.62.0-2
3.1.1-1
25.3-1
2.16.2-1
None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-1941 None

CVE-2022-0175 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-0175
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09/03/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-0175
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM virglrenderer (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.9.1-3 Unknown None
Azure Linux 3.0 x64 virglrenderer (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.9.1-3 Unknown None
CBL Mariner 2.0 ARM virglrenderer (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.9.1-3 Unknown None
CBL Mariner 2.0 x64 virglrenderer (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.9.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-0175 None

CVE-2022-0135 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-0135
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/30/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-0135
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM virglrenderer (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.9.1-3 Unknown None
Azure Linux 3.0 x64 virglrenderer (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.9.1-3 Unknown None
CBL Mariner 2.0 ARM virglrenderer (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.9.1-2 Unknown None
CBL Mariner 2.0 x64 virglrenderer (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.9.1-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-0135 None

CVE-2022-1292 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-1292
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/12/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-1292
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hvloader (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.0.1-2 Unknown None
Azure Linux 3.0 x64 hvloader (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.0.1-2 Unknown None
CBL Mariner 1.0 ARM openssl (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.1.1k-10 Unknown None
CBL Mariner 1.0 x64 openssl (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.1.1k-10 Unknown None
CBL Mariner 2.0 ARM openssl (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.1.1k-15 Unknown None
CBL Mariner 2.0 x64 openssl (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.1.1k-15 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-1292 None

CVE-2022-0670 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-0670
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.1/TemporalScore:9.1
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/02/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-0670
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
18.2.1-1 Unknown None
CBL Mariner 1.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
16.2.10-1 Unknown None
CBL Mariner 1.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
16.2.10-1 Unknown None
CBL Mariner 2.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
16.2.10-1 Unknown None
CBL Mariner 2.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
16.2.10-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-0670 None

CVE-2022-23639 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-23639
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.1/TemporalScore:8.1
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-23639
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM librsvg2 (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2.58.1-1 Unknown None
Azure Linux 3.0 x64 librsvg2 (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2.58.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-23639 None

CVE-2022-24713 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-24713
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-24713
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM librsvg2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.58.1-1 Unknown None
Azure Linux 3.0 x64 librsvg2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.58.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-24713 None

CVE-2022-2601 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-2601
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.6/TemporalScore:8.6
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/17/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-2601
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 8.6
Temporal: 8.6
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2.06-14 Unknown None
Azure Linux 3.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 8.6
Temporal: 8.6
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2.06-14 Unknown None
CBL Mariner 1.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 8.6
Temporal: 8.6
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2.06~rc1-9 Unknown None
CBL Mariner 1.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 8.6
Temporal: 8.6
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2.06~rc1-9 Unknown None
CBL Mariner 2.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 8.6
Temporal: 8.6
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2.06-8 Unknown None
CBL Mariner 2.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 8.6
Temporal: 8.6
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2.06-8 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-2601 None

CVE-2022-21698 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-21698
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/08/2023    

Information published.


2.0    01/24/2024    

Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0. Added kube-vip-cloud-provider to CBL-Mariner 2.0. Added local-path-provisioner to CBL-Mariner 2.0. Added moby-buildx to CBL-Mariner 2.0.


3.0    04/11/2024    

Added cri-o to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-21698
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM keda (CBL-Mariner)
moby-engine (CBL-Mariner)
node-problem-detector (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.14.0-1
25.0.3-1
0.8.15-1
None
Azure Linux 3.0 x64 keda (CBL-Mariner)
moby-engine (CBL-Mariner)
node-problem-detector (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.14.0-1
25.0.3-1
0.8.15-1
None
CBL Mariner 2.0 ARM application-gateway-kubernetes-ingress (CBL-Mariner)
cri-o (CBL-Mariner)
kube-vip-cloud-provider (CBL-Mariner)
kured (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.4.0-17
1.21.7-2
0.0.2-14
1.13.2-1
None
CBL Mariner 2.0 x64 application-gateway-kubernetes-ingress (CBL-Mariner)
cri-o (CBL-Mariner)
kube-vip-cloud-provider (CBL-Mariner)
kured (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.4.0-17
1.21.7-2
0.0.2-14
1.13.2-1
None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-21698 None

CVE-2022-28736 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-28736
MITRE
NVD

Issuing CNA: security@ubuntu.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/29/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-28736
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-14 Unknown None
Azure Linux 3.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-14 Unknown None
CBL Mariner 2.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-12 Unknown None
CBL Mariner 2.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-12 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-28736 None

CVE-2022-28735 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-28735
MITRE
NVD

Issuing CNA: security@ubuntu.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/29/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-28735
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-14 Unknown None
Azure Linux 3.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-14 Unknown None
CBL Mariner 2.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-12 Unknown None
CBL Mariner 2.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-12 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-28735 None

CVE-2022-2879 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-2879
MITRE
NVD

Issuing CNA: security@golang.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/19/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-2879
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ig (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.29.0-1 Unknown None
Azure Linux 3.0 x64 ig (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.29.0-1 Unknown None
CBL Mariner 2.0 ARM golang (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.21.6-1 Unknown None
CBL Mariner 2.0 x64 golang (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.21.6-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-2879 None

CVE-2022-32149 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-32149
MITRE
NVD

Issuing CNA: security@golang.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/08/2023    

Information published.


2.0    01/24/2024    

Added sriov-network-device-plugin to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-32149
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM keda (CBL-Mariner)
kubevirt (CBL-Mariner)
node-problem-detector (CBL-Mariner)
sriov-network-device-plugin (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.14.0-1
1.2.0-1
0.8.15-1
3.7.0-1
None
Azure Linux 3.0 x64 keda (CBL-Mariner)
kubevirt (CBL-Mariner)
node-problem-detector (CBL-Mariner)
sriov-network-device-plugin (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.14.0-1
1.2.0-1
0.8.15-1
3.7.0-1
None
CBL Mariner 2.0 ARM git-lfs (CBL-Mariner)
kured (CBL-Mariner)
node-problem-detector (CBL-Mariner)
sriov-network-device-plugin (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.4.1-1
1.13.2-1
0.8.17-2
3.6.2-2
None
CBL Mariner 2.0 x64 git-lfs (CBL-Mariner)
kured (CBL-Mariner)
node-problem-detector (CBL-Mariner)
sriov-network-device-plugin (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.4.1-1
1.13.2-1
0.8.17-2
3.6.2-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-32149 None

CVE-2022-3162 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3162
MITRE
NVD

Issuing CNA: security@kubernetes.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/06/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3162
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM keda (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.14.0-1 Unknown None
Azure Linux 3.0 x64 keda (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.14.0-1 Unknown None
CBL Mariner 2.0 ARM cert-manager (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1.11.2-1 Unknown None
CBL Mariner 2.0 x64 cert-manager (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1.11.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3162 None

CVE-2022-34038 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-34038
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/31/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-34038
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM etcd (CBL-Mariner)
kubernetes (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.5.12-1
1.29.1-2
None
Azure Linux 3.0 x64 etcd (CBL-Mariner)
kubernetes (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.5.12-1
1.29.1-2
None
CBL Mariner 2.0 ARM etcd (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.5.12-1 Unknown None
CBL Mariner 2.0 x64 etcd (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.5.12-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-34038 None

CVE-2022-32221 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-32221
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-32221
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-32221 None

CVE-2022-33064 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-33064
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-33064
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libsndfile (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1.2.2-1 Unknown None
Azure Linux 3.0 x64 libsndfile (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1.2.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-33064 None

CVE-2022-3650 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3650
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3650
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None
CBL Mariner 2.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
16.2.10-4 Unknown None
CBL Mariner 2.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
16.2.10-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3650 None

CVE-2022-3563 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3563
MITRE
NVD

Issuing CNA: cna@vuldb.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.7/TemporalScore:5.7
Base score metrics
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09/23/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3563
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM bluez (CBL-Mariner) Unknown Unknown None Base: 5.7
Temporal: 5.7
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.63-4 Unknown None
Azure Linux 3.0 x64 bluez (CBL-Mariner) Unknown Unknown None Base: 5.7
Temporal: 5.7
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.63-4 Unknown None
CBL Mariner 2.0 ARM bluez (CBL-Mariner) Unknown Unknown None Base: 5.7
Temporal: 5.7
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.63-4 Unknown None
CBL Mariner 2.0 x64 bluez (CBL-Mariner) Unknown Unknown None Base: 5.7
Temporal: 5.7
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.63-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3563 None

CVE-2022-36763 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-36763
MITRE
NVD

Issuing CNA: infosec@edk2.groups.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-36763
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 2.0 ARM hvloader (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.0.1-3 Unknown None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.0.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-36763 None

CVE-2022-3857 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3857
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3857
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3857 None

CVE-2022-3821 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3821
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/17/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3821
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM systemd-bootstrap (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
250.3-17 Unknown None
Azure Linux 3.0 x64 systemd-bootstrap (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
250.3-17 Unknown None
CBL Mariner 1.0 ARM systemd (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
239-43 Unknown None
CBL Mariner 1.0 x64 systemd (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
239-43 Unknown None
CBL Mariner 2.0 ARM systemd (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
250.3-10 Unknown None
CBL Mariner 2.0 x64 systemd (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
250.3-10 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3821 None

CVE-2022-3775 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3775
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.1/TemporalScore:7.1
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/29/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3775
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
2.06-14 Unknown None
Azure Linux 3.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
2.06-14 Unknown None
CBL Mariner 1.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
2.06~rc1-10 Unknown None
CBL Mariner 1.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
2.06~rc1-10 Unknown None
CBL Mariner 2.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
2.06-10 Unknown None
CBL Mariner 2.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
2.06-10 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3775 None

CVE-2022-3854 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3854
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3854
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None
CBL Mariner 2.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
16.2.10-4 Unknown None
CBL Mariner 2.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
16.2.10-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3854 None

CVE-2022-42915 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-42915
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.1/TemporalScore:8.1
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/09/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-42915
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2.16.1-1 Unknown None
CBL Mariner 1.0 ARM curl (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.86.0-1 Unknown None
CBL Mariner 1.0 x64 curl (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.86.0-1 Unknown None
CBL Mariner 2.0 ARM curl (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.86.0-1 Unknown None
CBL Mariner 2.0 x64 curl (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.86.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-42915 None

CVE-2022-42916 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-42916
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/09/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-42916
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2.16.1-1 Unknown None
CBL Mariner 1.0 ARM curl (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.86.0-1 Unknown None
CBL Mariner 1.0 x64 curl (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.86.0-1 Unknown None
CBL Mariner 2.0 ARM curl (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.86.0-1 Unknown None
CBL Mariner 2.0 x64 curl (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.86.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-42916 None

CVE-2022-4304 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-4304
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/13/2023    

Information published.


2.0    02/14/2023    

Added openssl to CBL-Mariner 1.0


3.0    04/06/2024    

Added hvloader to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-4304
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 1.0 ARM openssl (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1.1.1k-13 Unknown None
CBL Mariner 1.0 x64 openssl (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1.1.1k-13 Unknown None
CBL Mariner 2.0 ARM cloud-hypervisor (CBL-Mariner)
hvloader (CBL-Mariner)
openssl (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
30.0-2
1.0.1-3
1.1.1k-21
1.72.0-2
None
CBL Mariner 2.0 x64 cloud-hypervisor (CBL-Mariner)
hvloader (CBL-Mariner)
openssl (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
30.0-2
1.0.1-3
1.1.1k-21
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-4304 None

CVE-2022-45873 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-45873
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/02/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-45873
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM systemd-bootstrap (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
250.3-17 Unknown None
Azure Linux 3.0 x64 systemd-bootstrap (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
250.3-17 Unknown None
CBL Mariner 2.0 ARM systemd (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
250.3-12 Unknown None
CBL Mariner 2.0 x64 systemd (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
250.3-12 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-45873 None

CVE-2022-47085 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-47085
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/31/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-47085
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ostree (CBL-Mariner)
rpm-ostree (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2024.5-1
2022.1-7
None
Azure Linux 3.0 x64 ostree (CBL-Mariner)
rpm-ostree (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2024.5-1
2022.1-7
None
CBL Mariner 2.0 ARM rpm-ostree (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2022.1-5 Unknown None
CBL Mariner 2.0 x64 rpm-ostree (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2022.1-5 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-47085 None

CVE-2023-1393 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-1393
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/03/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-1393
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM xorg-x11-server (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.20.10-4 Unknown None
Azure Linux 3.0 x64 xorg-x11-server (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.20.10-4 Unknown None
CBL Mariner 2.0 ARM xorg-x11-server (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.20.10-4 Unknown None
CBL Mariner 2.0 x64 xorg-x11-server (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.20.10-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-1393 None

CVE-2023-0465 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-0465
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/05/2023    

Information published.


2.0    04/25/2023    

Added nodejs18 to CBL-Mariner 2.0


3.0    06/27/2023    

Added rust to CBL-Mariner 2.0


4.0    10/11/2023    

Added edk2 to CBL-Mariner 2.0


5.0    04/06/2024    

Added hvloader to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-0465
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
20230301gitf80f052277c8-37 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
20230301gitf80f052277c8-37 Unknown None
CBL Mariner 1.0 ARM openssl (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1.1.1k-15 Unknown None
CBL Mariner 1.0 x64 openssl (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1.1.1k-15 Unknown None
CBL Mariner 2.0 ARM edk2 (CBL-Mariner)
hvloader (CBL-Mariner)
nodejs18 (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
20230301gitf80f052277c8-37
1.0.1-3
18.17.1-2
1.1.1k-23
None
CBL Mariner 2.0 x64 edk2 (CBL-Mariner)
hvloader (CBL-Mariner)
nodejs18 (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
20230301gitf80f052277c8-37
1.0.1-3
18.17.1-2
1.1.1k-23
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-0465 None

CVE-2023-25660 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25660
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25660
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25660 None

CVE-2023-25659 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25659
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25659
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25659 None

CVE-2023-25662 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25662
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25662
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25662 None

CVE-2023-25658 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25658
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25658
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25658 None

CVE-2023-25012 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25012
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:4.6/TemporalScore:4.6
Base score metrics
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/11/2023    

Information published.


2.0    05/09/2023    

Added hyperv-daemons to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25012
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: 4.6
Temporal: 4.6
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.6.14.1-1 Unknown None
Azure Linux 3.0 x64 hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: 4.6
Temporal: 4.6
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.6.14.1-1 Unknown None
CBL Mariner 1.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 4.6
Temporal: 4.6
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.10.177.1-1 Unknown None
CBL Mariner 1.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 4.6
Temporal: 4.6
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.10.177.1-1 Unknown None
CBL Mariner 2.0 ARM hyperv-daemons (CBL-Mariner)
kernel (CBL-Mariner)
Unknown Unknown Base: 4.6
Temporal: 4.6
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.15.118.1-1
5.15.107.1-2
None
CBL Mariner 2.0 x64 hyperv-daemons (CBL-Mariner)
kernel (CBL-Mariner)
Unknown Unknown Base: 4.6
Temporal: 4.6
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.15.118.1-1
5.15.107.1-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25012 None

CVE-2023-23916 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-23916
MITRE
NVD

Issuing CNA: cve-assignments@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/24/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-23916
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3.28.2-1
2.16.1-1
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3.28.2-1
2.16.1-1
None
CBL Mariner 1.0 ARM curl (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.88.1-1 Unknown None
CBL Mariner 1.0 x64 curl (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.88.1-1 Unknown None
CBL Mariner 2.0 ARM curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.88.1-1
8.0.33-1
1.72.0-2
None
CBL Mariner 2.0 x64 curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.88.1-1
8.0.33-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-23916 None

CVE-2023-25153 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25153
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/20/2023    

Information published.


1.0    02/21/2023    

Information published.


3.0    02/25/2023    

Added moby-containerd to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25153
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM moby-engine (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20.10.25-3 Unknown None
Azure Linux 3.0 x64 moby-engine (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20.10.25-3 Unknown None
CBL Mariner 1.0 ARM moby-containerd (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.6.6+azure-9 Unknown None
CBL Mariner 1.0 x64 moby-containerd (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.6.6+azure-9 Unknown None
CBL Mariner 2.0 ARM moby-containerd (CBL-Mariner)
moby-engine (CBL-Mariner)
Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.6.18-2
20.10.14-7
None
CBL Mariner 2.0 x64 moby-containerd (CBL-Mariner)
moby-engine (CBL-Mariner)
Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.6.18-2
20.10.14-7
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25153 None

CVE-2023-23931 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-23931
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-23931
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM python-cryptography (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
3.3.2-5 Unknown None
Azure Linux 3.0 x64 python-cryptography (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
3.3.2-5 Unknown None
CBL Mariner 1.0 ARM python-cryptography (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
3.3.2-2 Unknown None
CBL Mariner 1.0 x64 python-cryptography (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
3.3.2-2 Unknown None
CBL Mariner 2.0 ARM python-cryptography (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
3.3.2-4 Unknown None
CBL Mariner 2.0 x64 python-cryptography (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
3.3.2-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-23931 None

CVE-2023-25668 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25668
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25668
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25668 None

CVE-2023-25670 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25670
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25670
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25670 None

CVE-2023-25669 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25669
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25669
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25669 None

CVE-2023-25664 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25664
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25664
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25664 None

CVE-2023-25666 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25666
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25666
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25666 None

CVE-2023-25665 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25665
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25665
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25665 None

CVE-2023-25667 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25667
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25667
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25667 None

CVE-2023-25672 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25672
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25672
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25672 None

CVE-2023-25675 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25675
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25675
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25675 None

CVE-2023-25676 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25676
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25676
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25676 None

CVE-2023-25673 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25673
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25673
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25673 None

CVE-2023-25674 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25674
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25674
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25674 None

CVE-2023-27478 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-27478
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-27478
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libmemcached-awesome (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1.1.4-1 Unknown None
Azure Linux 3.0 x64 libmemcached-awesome (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1.1.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-27478 None

CVE-2023-2700 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-2700
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-2700
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libvirt (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.10.0-5 Unknown None
Azure Linux 3.0 x64 libvirt (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.10.0-5 Unknown None
CBL Mariner 2.0 ARM libvirt (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.10.0-5 Unknown None
CBL Mariner 2.0 x64 libvirt (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.10.0-5 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-2700 None

CVE-2023-26964 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-26964
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/17/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-26964
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kata-containers (CBL-Mariner)
rpm-ostree (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.2.0.azl0-2
2024.4-1
None
Azure Linux 3.0 x64 kata-containers (CBL-Mariner)
rpm-ostree (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.2.0.azl0-2
2024.4-1
None
CBL Mariner 2.0 ARM kata-containers (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.2.0.azl0-1 Unknown None
CBL Mariner 2.0 x64 kata-containers (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.2.0.azl0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-26964 None

CVE-2023-27538 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-27538
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/01/2023    

Information published.


1.0    04/03/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-27538
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.28.2-1
2.16.1-1
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.28.2-1
2.16.1-1
None
CBL Mariner 2.0 ARM curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
8.0.1-1
8.0.34-1
1.72.0-2
None
CBL Mariner 2.0 x64 curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
8.0.1-1
8.0.34-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-27538 None

CVE-2023-27537 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-27537
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/03/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-27537
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
3.28.2-1
2.16.1-1
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
3.28.2-1
2.16.1-1
None
CBL Mariner 2.0 ARM mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
8.0.33-1
1.72.0-2
None
CBL Mariner 2.0 x64 mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
8.0.33-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-27537 None

CVE-2023-28322 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-28322
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:3.7/TemporalScore:3.7
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/27/2023    

Information published.


2.0    05/28/2023    

Added curl to CBL-Mariner 1.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-28322
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 3.7
Temporal: 3.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.21.4-10
2.16.1-1
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 3.7
Temporal: 3.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.21.4-10
2.16.1-1
None
CBL Mariner 1.0 ARM curl (CBL-Mariner) Unknown Unknown None Base: 3.7
Temporal: 3.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
7.88.1-2 Unknown None
CBL Mariner 1.0 x64 curl (CBL-Mariner) Unknown Unknown None Base: 3.7
Temporal: 3.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
7.88.1-2 Unknown None
CBL Mariner 2.0 ARM cmake (CBL-Mariner)
curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 3.7
Temporal: 3.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.21.4-6
8.0.1-2
8.0.34-1
1.72.0-2
None
CBL Mariner 2.0 x64 cmake (CBL-Mariner)
curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 3.7
Temporal: 3.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.21.4-6
8.0.1-2
8.0.34-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-28322 None

CVE-2023-28321 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-28321
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/27/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-28321
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2.16.1-1 Unknown None
CBL Mariner 2.0 ARM curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
8.2.1-1
8.0.34-1
1.72.0-2
None
CBL Mariner 2.0 x64 curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
8.2.1-1
8.0.34-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-28321 None

CVE-2023-31975 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-31975
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:3.3/TemporalScore:3.3
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/12/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-31975
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM yasm (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1.3.0-14 Unknown None
Azure Linux 3.0 x64 yasm (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1.3.0-14 Unknown None
CBL Mariner 1.0 ARM yasm (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1.3.0-14 Unknown None
CBL Mariner 1.0 x64 yasm (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1.3.0-14 Unknown None
CBL Mariner 2.0 ARM yasm (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1.3.0-14 Unknown None
CBL Mariner 2.0 x64 yasm (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1.3.0-14 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-31975 None

CVE-2023-37920 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-37920
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-37920
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM python-certifi (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024.02.02-1 Unknown None
Azure Linux 3.0 x64 python-certifi (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024.02.02-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-37920 None

CVE-2023-3750 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-3750
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-3750
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libvirt (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
10.0.0-1 Unknown None
Azure Linux 3.0 x64 libvirt (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
10.0.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-3750 None

CVE-2023-37460 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-37460
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/31/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-37460
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM javapackages-bootstrap (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.5.0-4 Unknown None
Azure Linux 3.0 x64 javapackages-bootstrap (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.5.0-4 Unknown None
CBL Mariner 2.0 ARM javapackages-bootstrap (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.5.0-4 Unknown None
CBL Mariner 2.0 x64 javapackages-bootstrap (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.5.0-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-37460 None

CVE-2023-34411 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-34411
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-34411
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM rpm-ostree (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2024.4-1 Unknown None
Azure Linux 3.0 x64 rpm-ostree (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2024.4-1 Unknown None
CBL Mariner 1.0 ARM mozjs60 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
60.9.0-13 Unknown None
CBL Mariner 1.0 x64 mozjs60 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
60.9.0-13 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-34411 None

CVE-2023-36328 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-36328
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09/05/2023    

Information published.


2.0    09/06/2023    

Added libtommath to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-36328
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libtommath (CBL-Mariner)
tcl (CBL-Mariner)
Unknown Unknown Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.1.0-5
8.6.13-3
None
Azure Linux 3.0 x64 libtommath (CBL-Mariner)
tcl (CBL-Mariner)
Unknown Unknown Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.1.0-5
8.6.13-3
None
CBL Mariner 2.0 ARM libtommath (CBL-Mariner)
tcl (CBL-Mariner)
Unknown Unknown Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.1.0-5
8.6.13-2
None
CBL Mariner 2.0 x64 libtommath (CBL-Mariner)
tcl (CBL-Mariner)
Unknown Unknown Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.1.0-5
8.6.13-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-36328 None

CVE-2023-3817 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-3817
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/07/2023    

Information published.


2.0    10/11/2023    

Added edk2 to CBL-Mariner 2.0


3.0    04/06/2024    

Added hvloader to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-3817
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner)
kata-containers-cc (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20230301gitf80f052277c8-37
3.2.0.azl0-3
None
Azure Linux 3.0 x64 edk2 (CBL-Mariner)
kata-containers-cc (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20230301gitf80f052277c8-37
3.2.0.azl0-3
None
CBL Mariner 2.0 ARM edk2 (CBL-Mariner)
hvloader (CBL-Mariner)
kata-containers-cc (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20230301gitf80f052277c8-37
1.0.1-3
0.6.3-3
1.1.1k-26
None
CBL Mariner 2.0 x64 edk2 (CBL-Mariner)
hvloader (CBL-Mariner)
kata-containers-cc (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20230301gitf80f052277c8-37
1.0.1-3
0.6.3-3
1.1.1k-26
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-3817 None

CVE-2023-39325 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-39325
MITRE
NVD

Issuing CNA: security@golang.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/23/2023    

Information published.


2.0    10/24/2023    

Added moby-compose to CBL-Mariner 2.0; added moby-containerd-cc to CBL-Mariner 2.0; added vitess to CBL-Mariner 2.0


2.0    10/28/2023    

Added coredns to CBL-Mariner 2.0


4.0    01/18/2024    

Added packer to CBL-Mariner 2.0


5.0    02/02/2024    

Added kata-containers-cc to CBL-Mariner 2.0


6.0    03/07/2024    

Added kata-containers to CBL-Mariner 2.0


5.0    04/20/2024    

Added git-lfs to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-39325
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM etcd (CBL-Mariner)
moby-containerd-cc (CBL-Mariner)
telegraf (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.5.12-1
1.7.7-3
1.29.4-1
None
Azure Linux 3.0 x64 etcd (CBL-Mariner)
moby-containerd-cc (CBL-Mariner)
telegraf (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.5.12-1
1.7.7-3
1.29.4-1
None
CBL Mariner 2.0 ARM blobfuse2 (CBL-Mariner)
coredns (CBL-Mariner)
cri-tools (CBL-Mariner)
git-lfs (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.1.1-1
1.11.1-2
1.29.0-2
3.5.1-1
None
CBL Mariner 2.0 x64 blobfuse2 (CBL-Mariner)
coredns (CBL-Mariner)
cri-tools (CBL-Mariner)
git-lfs (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.1.1-1
1.11.1-2
1.29.0-2
3.5.1-1
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-39325 None

CVE-2023-38325 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38325
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38325
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM python-cryptography (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
42.0.5-1 Unknown None
Azure Linux 3.0 x64 python-cryptography (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
42.0.5-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38325 None

CVE-2023-38711 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38711
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/26/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38711
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libreswan (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7-6 Unknown None
Azure Linux 3.0 x64 libreswan (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7-6 Unknown None
CBL Mariner 2.0 ARM libreswan (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7-5 Unknown None
CBL Mariner 2.0 x64 libreswan (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7-5 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38711 None

CVE-2023-38546 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38546
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:3.7/TemporalScore:3.7
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/10/2023    

Information published.


1.0    10/18/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38546
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 3.7
Temporal: 3.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
3.21.4-10
2.16.1-1
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 3.7
Temporal: 3.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
3.21.4-10
2.16.1-1
None
CBL Mariner 2.0 ARM cmake (CBL-Mariner)
curl (CBL-Mariner)
mysql (CBL-Mariner)
Unknown Unknown Base: 3.7
Temporal: 3.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
3.21.4-10
8.3.0-2
8.0.35-1
None
CBL Mariner 2.0 x64 cmake (CBL-Mariner)
curl (CBL-Mariner)
mysql (CBL-Mariner)
Unknown Unknown Base: 3.7
Temporal: 3.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
3.21.4-10
8.3.0-2
8.0.35-1
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38546 None

CVE-2023-38712 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38712
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/26/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38712
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libreswan (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7-6 Unknown None
Azure Linux 3.0 x64 libreswan (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7-6 Unknown None
CBL Mariner 2.0 ARM libreswan (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7-5 Unknown None
CBL Mariner 2.0 x64 libreswan (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7-5 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38712 None

CVE-2023-38710 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-38710
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/26/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-38710
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libreswan (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7-6 Unknown None
Azure Linux 3.0 x64 libreswan (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7-6 Unknown None
CBL Mariner 2.0 ARM libreswan (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7-5 Unknown None
CBL Mariner 2.0 x64 libreswan (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7-5 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-38710 None

CVE-2023-41361 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-41361
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-41361
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM frr (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1-2 Unknown None
Azure Linux 3.0 x64 frr (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-41361 None

CVE-2023-41913 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-41913
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/08/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-41913
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM strongswan (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.9.12-1 Unknown None
Azure Linux 3.0 x64 strongswan (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.9.12-1 Unknown None
CBL Mariner 2.0 ARM strongswan (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.9.10-3 Unknown None
CBL Mariner 2.0 x64 strongswan (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.9.10-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-41913 None

CVE-2023-42282 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-42282
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/19/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-42282
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20.14.0-1 Unknown None
CBL Mariner 2.0 ARM nodejs (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
16.20.2-3
18.18.2-4
None
CBL Mariner 2.0 x64 nodejs (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
16.20.2-3
18.18.2-4
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-42282 None

CVE-2023-45142 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-45142
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/16/2023    

Information published.


1.0    01/21/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-45142
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM docker-buildx (CBL-Mariner)
kubernetes (CBL-Mariner)
prometheus (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.14.0-1
1.29.1-2
2.45.4-1
None
Azure Linux 3.0 x64 docker-buildx (CBL-Mariner)
kubernetes (CBL-Mariner)
prometheus (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.14.0-1
1.29.1-2
2.45.4-1
None
CBL Mariner 2.0 ARM cri-tools (CBL-Mariner)
opa (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.29.0-2
0.63.0-1
None
CBL Mariner 2.0 x64 cri-tools (CBL-Mariner)
opa (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.29.0-2
0.63.0-1
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-45142 None

CVE-2023-45232 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-45232
MITRE
NVD

Issuing CNA: infosec@edk2.groups.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-45232
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 2.0 ARM hvloader (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.0.1-3 Unknown None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.0.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-45232 None

CVE-2023-45230 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-45230
MITRE
NVD

Issuing CNA: infosec@edk2.groups.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.8
Base score metrics
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-45230
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 2.0 ARM hvloader (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.0.1-3 Unknown None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.0.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-45230 None

CVE-2023-4408 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-4408
MITRE
NVD

Issuing CNA: security-officer@isc.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/19/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-4408
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.19.21-1 Unknown None
Azure Linux 3.0 x64 bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.19.21-1 Unknown None
CBL Mariner 2.0 ARM bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.16.48-1 Unknown None
CBL Mariner 2.0 x64 bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.16.48-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-4408 None

CVE-2023-45231 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-45231
MITRE
NVD

Issuing CNA: infosec@edk2.groups.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-45231
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 2.0 ARM hvloader (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.0.1-3 Unknown None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.0.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-45231 None

CVE-2023-45229 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-45229
MITRE
NVD

Issuing CNA: infosec@edk2.groups.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-45229
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 2.0 ARM hvloader (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.0.1-3 Unknown None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.0.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-45229 None

CVE-2023-45233 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-45233
MITRE
NVD

Issuing CNA: infosec@edk2.groups.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-45233
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 2.0 ARM hvloader (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.0.1-3 Unknown None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.0.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-45233 None

CVE-2023-45237 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-45237
MITRE
NVD

Issuing CNA: infosec@edk2.groups.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-45237
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 2.0 ARM hvloader (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.0.1-3 Unknown None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.0.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-45237 None

CVE-2023-45235 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-45235
MITRE
NVD

Issuing CNA: infosec@edk2.groups.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.8
Base score metrics
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-45235
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 2.0 ARM hvloader (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.0.1-3 Unknown None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.0.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-45235 None

CVE-2023-46118 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-46118
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:4.9/TemporalScore:4.9
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-46118
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM rabbitmq-server (CBL-Mariner) Unknown Unknown None Base: 4.9
Temporal: 4.9
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
3.13.0-1 Unknown None
Azure Linux 3.0 x64 rabbitmq-server (CBL-Mariner) Unknown Unknown None Base: 4.9
Temporal: 4.9
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
3.13.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-46118 None

CVE-2023-45236 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-45236
MITRE
NVD

Issuing CNA: infosec@edk2.groups.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-45236
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 2.0 ARM hvloader (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.0.1-3 Unknown None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.0.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-45236 None

CVE-2023-45234 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-45234
MITRE
NVD

Issuing CNA: infosec@edk2.groups.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.8
Base score metrics
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-45234
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 2.0 ARM hvloader (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.0.1-3 Unknown None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.0.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-45234 None

CVE-2023-4535 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-4535
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:3.8/TemporalScore:3.8
Base score metrics
Attack Vector: Physical
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/16/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-4535
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM opensc (CBL-Mariner) Unknown Unknown None Base: 3.8
Temporal: 3.8
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
0.25.1-3 Unknown None
Azure Linux 3.0 x64 opensc (CBL-Mariner) Unknown Unknown None Base: 3.8
Temporal: 3.8
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
0.25.1-3 Unknown None
CBL Mariner 2.0 ARM opensc (CBL-Mariner) Unknown Unknown None Base: 3.8
Temporal: 3.8
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
0.23.0-2 Unknown None
CBL Mariner 2.0 x64 opensc (CBL-Mariner) Unknown Unknown None Base: 3.8
Temporal: 3.8
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
0.23.0-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-4535 None

CVE-2023-45853 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-45853
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/16/2023    

Information published.


2.0    10/17/2023    

Added tcl to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-45853
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM keras (CBL-Mariner)
rust (CBL-Mariner)
tcl (CBL-Mariner)
zlib (CBL-Mariner)
Unknown Unknown Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1.1-1
1.75.0-1
8.6.13-3
1.3.1-1
None
Azure Linux 3.0 x64 keras (CBL-Mariner)
rust (CBL-Mariner)
tcl (CBL-Mariner)
zlib (CBL-Mariner)
Unknown Unknown Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1.1-1
1.75.0-1
8.6.13-3
1.3.1-1
None
CBL Mariner 2.0 ARM boost (CBL-Mariner)
cloud-hypervisor (CBL-Mariner)
rust (CBL-Mariner)
tcl (CBL-Mariner)
Unknown Unknown Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.76.0-4
32.0-2
1.72.0-5
8.6.13-3
None
CBL Mariner 2.0 x64 boost (CBL-Mariner)
cloud-hypervisor (CBL-Mariner)
rust (CBL-Mariner)
tcl (CBL-Mariner)
Unknown Unknown Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.76.0-4
32.0-2
1.72.0-5
8.6.13-3
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-45853 None

CVE-2023-46852 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-46852
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/31/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-46852
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM memcached (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.6.27-1 Unknown None
Azure Linux 3.0 x64 memcached (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.6.27-1 Unknown None
CBL Mariner 2.0 ARM memcached (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.6.22-1 Unknown None
CBL Mariner 2.0 x64 memcached (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.6.22-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-46852 None

CVE-2023-46813 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-46813
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/08/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-46813
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-1 Unknown None
Azure Linux 3.0 x64 hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-1 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
5.15.137.1-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
5.15.137.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-46813 None

CVE-2023-4692 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-4692
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/27/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-4692
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-18 Unknown None
Azure Linux 3.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-18 Unknown None
CBL Mariner 2.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-13 Unknown None
CBL Mariner 2.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.06-13 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-4692 None

CVE-2023-46853 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-46853
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/01/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-46853
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM memcached (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.6.27-1 Unknown None
Azure Linux 3.0 x64 memcached (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.6.27-1 Unknown None
CBL Mariner 2.0 ARM memcached (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.6.22-1 Unknown None
CBL Mariner 2.0 x64 memcached (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.6.22-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-46853 None

CVE-2023-46753 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-46753
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/01/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-46753
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM frr (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
9.1-2 Unknown None
Azure Linux 3.0 x64 frr (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
9.1-2 Unknown None
CBL Mariner 2.0 ARM frr (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
8.5.3-3 Unknown None
CBL Mariner 2.0 x64 frr (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
8.5.3-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-46753 None

CVE-2023-4785 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-4785
MITRE
NVD

Issuing CNA: cve-coordination@google.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-4785
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grpc (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.62.0-2 Unknown None
Azure Linux 3.0 x64 grpc (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.62.0-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-4785 None

CVE-2023-5215 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-5215
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/06/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-5215
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libnbd (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.12.1-3 Unknown None
Azure Linux 3.0 x64 libnbd (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.12.1-3 Unknown None
CBL Mariner 2.0 ARM libnbd (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.12.1-3 Unknown None
CBL Mariner 2.0 x64 libnbd (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.12.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-5215 None

CVE-2023-5528 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-5528
MITRE
NVD

Issuing CNA: security@kubernetes.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/20/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-5528
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kubernetes (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.28.7-2 Unknown None
Azure Linux 3.0 x64 kubernetes (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.28.7-2 Unknown None
CBL Mariner 2.0 ARM kubernetes (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.28.4-1 Unknown None
CBL Mariner 2.0 x64 kubernetes (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.28.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-5528 None

CVE-2023-5408 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-5408
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.2/TemporalScore:7.2
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/07/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-5408
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kubernetes (CBL-Mariner) Unknown Unknown None Base: 7.2
Temporal: 7.2
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1.29.1-2 Unknown None
Azure Linux 3.0 x64 kubernetes (CBL-Mariner) Unknown Unknown None Base: 7.2
Temporal: 7.2
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1.29.1-2 Unknown None
CBL Mariner 2.0 ARM kubernetes (CBL-Mariner) Unknown Unknown None Base: 7.2
Temporal: 7.2
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1.28.4-5 Unknown None
CBL Mariner 2.0 x64 kubernetes (CBL-Mariner) Unknown Unknown None Base: 7.2
Temporal: 7.2
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1.28.4-5 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-5408 None

CVE-2023-5678 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-5678
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/13/2023    

Information published.


2.0    03/07/2024    

Added kata-containers to CBL-Mariner 2.0


3.0    04/06/2024    

Added hvloader to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-5678
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kata-containers-cc (CBL-Mariner)
edk2 (CBL-Mariner)
kata-containers (CBL-Mariner)
nodejs (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.2.0.azl1-1
20240223gitedc6681206c1-1
20.14.0-1
None
Azure Linux 3.0 x64 edk2 (CBL-Mariner)
kata-containers (CBL-Mariner)
kata-containers-cc (CBL-Mariner)
nodejs (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20240223gitedc6681206c1-1
3.2.0.azl1-1
20.14.0-1
None
CBL Mariner 2.0 ARM hvloader (CBL-Mariner)
kata-containers (CBL-Mariner)
kata-containers-cc (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1.0.1-3
3.2.0.azl1-1
18.20.2-1
None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner)
kata-containers (CBL-Mariner)
kata-containers-cc (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1.0.1-3
3.2.0.azl1-1
18.20.2-1
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-5678 None

CVE-2023-5517 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-5517
MITRE
NVD

Issuing CNA: security-officer@isc.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/19/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-5517
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.19.21-1 Unknown None
Azure Linux 3.0 x64 bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.19.21-1 Unknown None
CBL Mariner 2.0 ARM bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.16.48-1 Unknown None
CBL Mariner 2.0 x64 bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.16.48-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-5517 None

CVE-2023-5679 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-5679
MITRE
NVD

Issuing CNA: security-officer@isc.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/19/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-5679
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.19.21-1 Unknown None
Azure Linux 3.0 x64 bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.19.21-1 Unknown None
CBL Mariner 2.0 ARM bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.16.48-1 Unknown None
CBL Mariner 2.0 x64 bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.16.48-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-5679 None

CVE-2023-52426 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-52426
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/09/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-52426
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM expat (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.6.2-1 Unknown None
Azure Linux 3.0 x64 expat (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.6.2-1 Unknown None
CBL Mariner 2.0 ARM expat (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.6.2-2 Unknown None
CBL Mariner 2.0 x64 expat (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.6.2-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-52426 None

CVE-2023-5764 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-5764
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/21/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-5764
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ansible (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.17.0-1 Unknown None
Azure Linux 3.0 x64 ansible (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.17.0-1 Unknown None
CBL Mariner 2.0 ARM ansible (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.14.12-1 Unknown None
CBL Mariner 2.0 x64 ansible (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.14.12-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-5764 None

CVE-2023-5992 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-5992
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-5992
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM opensc (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
0.25.1-3 Unknown None
Azure Linux 3.0 x64 opensc (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
0.25.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-5992 None

CVE-2023-52425 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-52425
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/09/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-52425
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM expat (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.6.2-1 Unknown None
Azure Linux 3.0 x64 expat (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.6.2-1 Unknown None
CBL Mariner 2.0 ARM expat (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.6.2-2 Unknown None
CBL Mariner 2.0 x64 expat (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.6.2-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-52425 None

CVE-2023-52429 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-52429
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/27/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-52429
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hyperv-daemons (CBL-Mariner)
kernel (CBL-Mariner)
Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.22.1-2 None
Azure Linux 3.0 x64 hyperv-daemons (CBL-Mariner)
kernel (CBL-Mariner)
Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.22.1-2 None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.153.1-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.153.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-52429 None

CVE-2024-0607 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-0607
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.6/TemporalScore:6.6
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityLow
IntegrityLow
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/27/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-0607
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 6.6
Temporal: 6.6
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
6.6.29.1-4 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 6.6
Temporal: 6.6
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
6.6.29.1-4 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 6.6
Temporal: 6.6
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
5.15.148.1-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 6.6
Temporal: 6.6
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
5.15.148.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-0607 None

CVE-2024-0727 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-0727
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/29/2024    

Information published.


2.0    03/07/2024    

Added kata-containers to CBL-Mariner 2.0


3.0    04/06/2024    

Added hvloader to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-0727
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kata-containers-cc (CBL-Mariner)
kata-containers (CBL-Mariner)
nodejs (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3.2.0.azl1-1
20.14.0-1
3.3.0-1
None
Azure Linux 3.0 x64 kata-containers (CBL-Mariner)
kata-containers-cc (CBL-Mariner)
nodejs (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3.2.0.azl1-1
20.14.0-1
3.3.0-1
None
CBL Mariner 2.0 ARM hvloader (CBL-Mariner)
kata-containers (CBL-Mariner)
kata-containers-cc (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.0.1-3
3.2.0.azl1-1
18.20.2-1
None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner)
kata-containers (CBL-Mariner)
kata-containers-cc (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.0.1-3
3.2.0.azl1-1
18.20.2-1
None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-0727 None

CVE-2024-0553 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-0553
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-0553
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM gnutls (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.8.3-1 Unknown None
Azure Linux 3.0 x64 gnutls (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.8.3-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-0553 None

CVE-2024-0567 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-0567
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/19/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-0567
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM gnutls (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.8.3-1 Unknown None
Azure Linux 3.0 x64 gnutls (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.8.3-1 Unknown None
CBL Mariner 2.0 ARM gnutls (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.7.7-4 Unknown None
CBL Mariner 2.0 x64 gnutls (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.7.7-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-0567 None

CVE-2024-0690 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-0690
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/07/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-0690
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ansible (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.17.0-1 Unknown None
Azure Linux 3.0 x64 ansible (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.17.0-1 Unknown None
CBL Mariner 2.0 ARM ansible (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.14.12-2 Unknown None
CBL Mariner 2.0 x64 ansible (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.14.12-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-0690 None

CVE-2023-6915 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-6915
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/23/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-6915
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.29.1-4 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.29.1-4 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.148.2-2 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.148.2-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-6915 None

CVE-2023-6932 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-6932
MITRE
NVD

Issuing CNA: security@google.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/29/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-6932
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-4 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-4 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
5.15.143.1-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
5.15.143.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-6932 None

CVE-2024-21891 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-21891
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.9/TemporalScore:7.9
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionRequired
ScopeChanged
ConfidentialityHigh
IntegrityHigh
AvailabilityNone
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-21891
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: 7.9
Temporal: 7.9
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: 7.9
Temporal: 7.9
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
20.14.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-21891 None

CVE-2024-21896 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-21896
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.9/TemporalScore:7.9
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionRequired
ScopeChanged
ConfidentialityHigh
IntegrityHigh
AvailabilityNone
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-21896
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: 7.9
Temporal: 7.9
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: 7.9
Temporal: 7.9
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
20.14.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-21896 None

CVE-2024-21890 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-21890
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5/TemporalScore:5
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeChanged
ConfidentialityLow
IntegrityLow
AvailabilityNone
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-21890
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: 5
Temporal: 5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: 5
Temporal: 5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
20.14.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-21890 None

CVE-2024-21646 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-21646
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/16/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-21646
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM azure-iot-sdk-c (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024.03.04-1 Unknown None
Azure Linux 3.0 x64 azure-iot-sdk-c (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024.03.04-1 Unknown None
CBL Mariner 2.0 ARM azure-iot-sdk-c (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022.01.21-2 Unknown None
CBL Mariner 2.0 x64 azure-iot-sdk-c (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022.01.21-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-21646 None

CVE-2024-25580 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-25580
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-25580
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM qtbase (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.2-1 Unknown None
Azure Linux 3.0 x64 qtbase (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-25580 None

CVE-2024-26898 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26898
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26898
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-3 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26898 None

CVE-2024-26883 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26883
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26883
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-3 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26883 None

CVE-2024-26884 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26884
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26884
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-3 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26884 None

CVE-2024-26882 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26882
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26882
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-3 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26882 None

CVE-2024-26885 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26885
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26885
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-3 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26885 None

CVE-2024-26881 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26881
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26881
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.29.1-3 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.29.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26881 None

CVE-2024-26907 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26907
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26907
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-3 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26907 None

CVE-2024-26908 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26908
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26908
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-4 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26908 None

CVE-2024-26909 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26909
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26909
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.29.1-3 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.29.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26909 None

CVE-2024-27308 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27308
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/11/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27308
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM rpm-ostree (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2024.4-1 Unknown None
Azure Linux 3.0 x64 rpm-ostree (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2024.4-1 Unknown None
CBL Mariner 2.0 ARM kata-containers (CBL-Mariner)
kata-containers-cc (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
3.2.0.azl2-1 None
CBL Mariner 2.0 x64 kata-containers (CBL-Mariner)
kata-containers-cc (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
3.2.0.azl2-1 None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27308 None

CVE-2024-27391 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27391
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27391
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None
Azure Linux 3.0 x64 hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27391 None

CVE-2024-2757 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-2757
MITRE
NVD

Issuing CNA: security@php.net

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-2757
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM php (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.3.6-1 Unknown None
Azure Linux 3.0 x64 php (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.3.6-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-2757 None

CVE-2024-28182 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-28182
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-28182
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20.14.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-28182 None

CVE-2024-28863 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-28863
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-28863
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20.14.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-28863 None

CVE-2024-29157 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-29157
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-29157
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-29157 None

CVE-2024-28757 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-28757
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-28757
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM expat (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.6.2-1 Unknown None
Azure Linux 3.0 x64 expat (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.6.2-1 Unknown None
CBL Mariner 2.0 ARM expat (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.6.2-2 Unknown None
CBL Mariner 2.0 x64 expat (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.6.2-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-28757 None

CVE-2024-29161 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-29161
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-29161
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-29161 None

CVE-2024-29163 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-29163
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-29163
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-29163 None

CVE-2024-29164 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-29164
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-29164
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-29164 None

CVE-2024-29162 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-29162
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-29162
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-29162 None

CVE-2024-30202 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30202
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30202
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM emacs (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
29.3-1 Unknown None
Azure Linux 3.0 x64 emacs (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
29.3-1 Unknown None
CBL Mariner 2.0 ARM emacs (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
29.3-1 Unknown None
CBL Mariner 2.0 x64 emacs (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
29.3-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30202 None

CVE-2024-30203 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30203
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30203
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM emacs (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
29.3-1 Unknown None
Azure Linux 3.0 x64 emacs (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
29.3-1 Unknown None
CBL Mariner 2.0 ARM emacs (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
29.3-1 Unknown None
CBL Mariner 2.0 x64 emacs (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
29.3-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30203 None

CVE-2024-32487 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32487
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/22/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32487
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM less (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
643-2 Unknown None
Azure Linux 3.0 x64 less (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
643-2 Unknown None
CBL Mariner 2.0 ARM less (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
590-4 Unknown None
CBL Mariner 2.0 x64 less (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
590-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32487 None

CVE-2024-32607 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32607
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32607
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32607 None

CVE-2024-32605 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32605
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32605
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32605 None

CVE-2024-32615 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32615
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32615
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32615 None

CVE-2024-32618 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32618
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32618
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32618 None

CVE-2024-32620 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32620
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32620
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32620 None

CVE-2024-32619 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32619
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32619
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32619 None

CVE-2024-32616 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32616
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32616
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32616 None

CVE-2024-32622 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32622
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32622
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32622 None

CVE-2024-32621 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32621
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32621
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32621 None

CVE-2024-32623 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32623
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32623
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32623 None

CVE-2024-33875 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-33875
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-33875
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-33875 None

CVE-2024-33873 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-33873
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-33873
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-33873 None

CVE-2024-33877 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-33877
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-33877
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-33877 None

CVE-2024-33874 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-33874
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-33874
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-33874 None

CVE-2024-33876 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-33876
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-33876
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-33876 None

CVE-2024-4323 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-4323
MITRE
NVD

Issuing CNA: vulnreport@tenable.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/23/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-4323
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM fluent-bit (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.0.6-1 Unknown None
Azure Linux 3.0 x64 fluent-bit (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.0.6-1 Unknown None
CBL Mariner 2.0 ARM fluent-bit (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.2.3-1 Unknown None
CBL Mariner 2.0 x64 fluent-bit (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.2.3-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-4323 None

CVE-2024-3727 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-3727
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.3/TemporalScore:8.3
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-3727
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM containerized-data-importer (CBL-Mariner)
ig (CBL-Mariner)
Unknown Unknown Base: 8.3
Temporal: 8.3
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1.57.0-2
0.29.0-1
None
Azure Linux 3.0 x64 containerized-data-importer (CBL-Mariner)
ig (CBL-Mariner)
Unknown Unknown Base: 8.3
Temporal: 8.3
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1.57.0-2
0.29.0-1
None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-3727 None

CVE-2024-4603 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-4603
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/19/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-4603
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
20.14.0-1 Unknown None
CBL Mariner 2.0 ARM nodejs18 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
18.20.2-1 Unknown None
CBL Mariner 2.0 x64 nodejs18 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
18.20.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-4603 None

CVE-2019-17362 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-17362
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.1/TemporalScore:9.1
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/19/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-17362
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libtomcrypt (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1.18.2-9 Unknown None
Azure Linux 3.0 x64 libtomcrypt (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1.18.2-9 Unknown None
CBL Mariner 2.0 ARM libtomcrypt (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1.18.2-9 Unknown None
CBL Mariner 2.0 x64 libtomcrypt (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1.18.2-9 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-17362 None

CVE-2014-3618 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2014-3618
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/16/2021    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2014-3618
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM procmail (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
3.22-53 Unknown None
Azure Linux 3.0 x64 procmail (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
3.22-53 Unknown None
CBL Mariner 2.0 ARM procmail (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
3.22-53 Unknown None
CBL Mariner 2.0 x64 procmail (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
3.22-53 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2014-3618 None

CVE-2022-2990 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-2990
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.1/TemporalScore:7.1
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09/17/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-2990
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM buildah (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1.18.0-24 Unknown None
Azure Linux 3.0 x64 buildah (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1.18.0-24 Unknown None
CBL Mariner 2.0 ARM buildah (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1.18.0-17 Unknown None
CBL Mariner 2.0 x64 buildah (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1.18.0-17 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-2990 None

CVE-2016-7567 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2016-7567
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/19/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2016-7567
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM openslp (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.0.0-26 Unknown None
Azure Linux 3.0 x64 openslp (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.0.0-26 Unknown None
CBL Mariner 2.0 ARM openslp (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.0.0-26 Unknown None
CBL Mariner 2.0 x64 openslp (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.0.0-26 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2016-7567 None

CVE-2008-3908 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2008-3908
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/16/2021    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2008-3908
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM wordnet (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
3.0-43 Unknown None
Azure Linux 3.0 x64 wordnet (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
3.0-43 Unknown None
CBL Mariner 2.0 ARM wordnet (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
3.0-38 Unknown None
CBL Mariner 2.0 x64 wordnet (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
3.0-38 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2008-3908 None

CVE-2004-2771 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2004-2771
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/16/2021    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2004-2771
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM mailx (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
12.5-36 Unknown None
Azure Linux 3.0 x64 mailx (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
12.5-36 Unknown None
CBL Mariner 2.0 ARM mailx (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
12.5-34 Unknown None
CBL Mariner 2.0 x64 mailx (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
12.5-34 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2004-2771 None

CVE-2019-19977 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-19977
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/19/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-19977
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libesmtp (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.0.6-21 Unknown None
Azure Linux 3.0 x64 libesmtp (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.0.6-21 Unknown None
CBL Mariner 2.0 ARM libesmtp (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.0.6-21 Unknown None
CBL Mariner 2.0 x64 libesmtp (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.0.6-21 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-19977 None

CVE-2008-2149 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2008-2149
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/16/2021    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2008-2149
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM wordnet (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
3.0-43 Unknown None
Azure Linux 3.0 x64 wordnet (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
3.0-43 Unknown None
CBL Mariner 2.0 ARM wordnet (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
3.0-38 Unknown None
CBL Mariner 2.0 x64 wordnet (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
3.0-38 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2008-2149 None

CVE-2024-27304 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27304
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 9.8 / Temporal Score: 9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27304
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM telegraf (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.31.0-1 Unknown None
Azure Linux 3.0 x64 telegraf (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.31.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27304 None

CVE-2024-0901 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-0901
MITRE
NVD

Issuing CNA: facts@wolfssl.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 7.5
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-0901
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM mariadb (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H
10.11.6-3 Unknown None
Azure Linux 3.0 x64 mariadb (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H
10.11.6-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-0901 None

CVE-2023-6779 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-6779
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-6779
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM glibc (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.38-6 Unknown None
Azure Linux 3.0 x64 glibc (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.38-6 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-6779 None

CVE-2023-6246 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-6246
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-6246
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM glibc (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.38-6 Unknown None
Azure Linux 3.0 x64 glibc (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.38-6 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-6246 None

CVE-2021-4238 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-4238
MITRE
NVD

Issuing CNA: security@golang.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 9.1 / Temporal Score: 9.1
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-4238
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM influxdb (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
2.7.3-3 Unknown None
Azure Linux 3.0 x64 influxdb (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
2.7.3-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-4238 None

CVE-2024-36023 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-36023
MITRE
NVD

Issuing CNA: cve@kernel.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-36023
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.158.2-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.158.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-36023 None

CVE-2024-36902 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-36902
MITRE
NVD

Issuing CNA: cve@kernel.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 5.5 / Temporal Score: 5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-36902
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.158.2-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.158.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-36902 None

CVE-2024-36971 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-36971
MITRE
NVD

Issuing CNA: cve@kernel.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-36971
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5.15.158.2-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5.15.158.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-36971 None

CVE-2023-3966 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-3966
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/22/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-3966
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM openvswitch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.3.0-1 Unknown None
Azure Linux 3.0 x64 openvswitch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.3.0-1 Unknown None
CBL Mariner 2.0 ARM openvswitch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.17.9-1 Unknown None
CBL Mariner 2.0 x64 openvswitch (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.17.9-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-3966 None

CVE-2023-7250 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-7250
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 5.3 / Temporal Score: 5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/25/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-7250
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM iperf3 (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.17-1 Unknown None
CBL Mariner 2.0 x64 iperf3 (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.17-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-7250 None

CVE-2023-6597 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-6597
MITRE
NVD

Issuing CNA: cna@python.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 7.8
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-6597
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM python3 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
3.9.19-1 Unknown None
CBL Mariner 2.0 x64 python3 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
3.9.19-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-6597 None

CVE-2024-1874 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-1874
MITRE
NVD

Issuing CNA: security@php.net

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 9.4 / Temporal Score: 9.4
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/29/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-1874
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM php (CBL-Mariner) Unknown Unknown None Base: 9.4
Temporal: 9.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
8.3.8-1 Unknown None
Azure Linux 3.0 x64 php (CBL-Mariner) Unknown Unknown None Base: 9.4
Temporal: 9.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
8.3.8-1 Unknown None
CBL Mariner 2.0 ARM php (CBL-Mariner) Unknown Unknown None Base: 9.4
Temporal: 9.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
8.1.28-1 Unknown None
CBL Mariner 2.0 x64 php (CBL-Mariner) Unknown Unknown None Base: 9.4
Temporal: 9.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
8.1.28-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-1874 None

CVE-2024-2002 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-2002
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/19/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-2002
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM libdwarf (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.9.0-3 Unknown None
CBL Mariner 2.0 x64 libdwarf (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.9.0-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-2002 None

CVE-2024-20328 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-20328
MITRE
NVD

Issuing CNA: ykramarz@cisco.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 5.3 / Temporal Score: 5.3
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-20328
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM clamav (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1.0.6-1 Unknown None
Azure Linux 3.0 x64 clamav (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1.0.6-1 Unknown None
CBL Mariner 2.0 ARM clamav (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
0.105.2-5 Unknown None
CBL Mariner 2.0 x64 clamav (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
0.105.2-5 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-20328 None

CVE-2024-22025 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-22025
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 6.5 / Temporal Score: 6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-22025
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20.14.0-1 Unknown None
CBL Mariner 2.0 ARM nodejs (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
16.20.2-4
18.18.2-5
None
CBL Mariner 2.0 x64 nodejs (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
16.20.2-4
18.18.2-5
None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-22025 None

CVE-2024-22189 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-22189
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/15/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-22189
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM coredns (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.11.1-6 Unknown None
CBL Mariner 2.0 x64 coredns (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.11.1-6 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-22189 None

CVE-2024-2408 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-2408
MITRE
NVD

Issuing CNA: security@php.net

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 5.9 / Temporal Score: 5.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-2408
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM php (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
8.3.8-1 Unknown None
Azure Linux 3.0 x64 php (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
8.3.8-1 Unknown None
CBL Mariner 2.0 ARM php (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
8.1.29-1 Unknown None
CBL Mariner 2.0 x64 php (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
8.1.29-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-2408 None

CVE-2024-2494 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-2494
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 6.2 / Temporal Score: 6.2
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/01/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-2494
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM libvirt (CBL-Mariner) Unknown Unknown None Base: 6.2
Temporal: 6.2
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.10.0-9 Unknown None
CBL Mariner 2.0 x64 libvirt (CBL-Mariner) Unknown Unknown None Base: 6.2
Temporal: 6.2
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.10.0-9 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-2494 None

CVE-2024-25110 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-25110
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 9.8 / Temporal Score: 9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-25110
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM azure-iot-sdk-c (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024.03.04-1 Unknown None
Azure Linux 3.0 x64 azure-iot-sdk-c (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024.03.04-1 Unknown None
CBL Mariner 2.0 ARM azure-iot-sdk-c (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022.01.21-3 Unknown None
CBL Mariner 2.0 x64 azure-iot-sdk-c (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022.01.21-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-25110 None

CVE-2024-25629 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-25629
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 4.4 / Temporal Score: 4.4
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/26/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-25629
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: 4.4
Temporal: 4.4
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: 4.4
Temporal: 4.4
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20.14.0-1 Unknown None
CBL Mariner 2.0 ARM nodejs18 (CBL-Mariner) Unknown Unknown None Base: 4.4
Temporal: 4.4
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
18.20.2-1 Unknown None
CBL Mariner 2.0 x64 nodejs18 (CBL-Mariner) Unknown Unknown None Base: 4.4
Temporal: 4.4
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
18.20.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-25629 None

CVE-2024-26147 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26147
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/26/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26147
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM helm (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.13.2-3 Unknown None
Azure Linux 3.0 x64 helm (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.13.2-3 Unknown None
CBL Mariner 2.0 ARM cert-manager (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.11.2-10 Unknown None
CBL Mariner 2.0 x64 cert-manager (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.11.2-10 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26147 None

CVE-2024-27099 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27099
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27099
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM azure-iot-sdk-c (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024.03.04-1 Unknown None
Azure Linux 3.0 x64 azure-iot-sdk-c (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024.03.04-1 Unknown None
CBL Mariner 2.0 ARM azure-iot-sdk-c (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022.01.21-3 Unknown None
CBL Mariner 2.0 x64 azure-iot-sdk-c (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022.01.21-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27099 None

CVE-2024-27982 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27982
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27982
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
20.14.0-1 Unknown None
CBL Mariner 2.0 ARM nodejs18 (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
18.20.2-1 Unknown None
CBL Mariner 2.0 x64 nodejs18 (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
18.20.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27982 None

CVE-2024-27983 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27983
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.2/TemporalScore:8.2
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/09/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27983
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: 8.2
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: 8.2
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
20.14.0-1 Unknown None
CBL Mariner 2.0 ARM nodejs18 (CBL-Mariner) Unknown Unknown None Base: 8.2
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
18.18.2-7 Unknown None
CBL Mariner 2.0 x64 nodejs18 (CBL-Mariner) Unknown Unknown None Base: 8.2
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
18.18.2-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27983 None

CVE-2024-28110 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-28110
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-28110
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM telegraf (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.31.0-1 Unknown None
Azure Linux 3.0 x64 telegraf (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.31.0-1 Unknown None
CBL Mariner 2.0 ARM telegraf (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.28.5-5 Unknown None
CBL Mariner 2.0 x64 telegraf (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.28.5-5 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-28110 None

CVE-2024-28180 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-28180
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:4.3/TemporalScore:4.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/11/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-28180
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM keda (CBL-Mariner)
telegraf (CBL-Mariner)
Unknown Unknown Base: 4.3
Temporal: 4.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2.14.0-1
1.31.0-1
None
Azure Linux 3.0 x64 keda (CBL-Mariner)
telegraf (CBL-Mariner)
Unknown Unknown Base: 4.3
Temporal: 4.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2.14.0-1
1.31.0-1
None
CBL Mariner 2.0 ARM cri-o (CBL-Mariner) Unknown Unknown None Base: 4.3
Temporal: 4.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1.21.7-2 Unknown None
CBL Mariner 2.0 x64 cri-o (CBL-Mariner) Unknown Unknown None Base: 4.3
Temporal: 4.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1.21.7-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-28180 None

CVE-2024-3154 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-3154
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.2/TemporalScore:7.2
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/31/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-3154
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM cri-o (CBL-Mariner) Unknown Unknown None Base: 7.2
Temporal: 7.2
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1.22.3-2 Unknown None
CBL Mariner 2.0 x64 cri-o (CBL-Mariner) Unknown Unknown None Base: 7.2
Temporal: 7.2
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1.22.3-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-3154 None

CVE-2024-32020 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32020
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:3.9/TemporalScore:3.9
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/17/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32020
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM git (CBL-Mariner) Unknown Unknown None Base: 3.9
Temporal: 3.9
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L
2.39.4-1 Unknown None
CBL Mariner 2.0 x64 git (CBL-Mariner) Unknown Unknown None Base: 3.9
Temporal: 3.9
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L
2.39.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32020 None

CVE-2024-32021 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32021
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:3.9/TemporalScore:3.9
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/17/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32021
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM git (CBL-Mariner) Unknown Unknown None Base: 3.9
Temporal: 3.9
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L
2.39.4-1 Unknown None
CBL Mariner 2.0 x64 git (CBL-Mariner) Unknown Unknown None Base: 3.9
Temporal: 3.9
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L
2.39.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32021 None

CVE-2024-32465 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32465
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.3/TemporalScore:7.3
Base score metrics
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/17/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32465
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM git (CBL-Mariner) Unknown Unknown None Base: 7.3
Temporal: 7.3
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2.39.4-1 Unknown None
CBL Mariner 2.0 x64 git (CBL-Mariner) Unknown Unknown None Base: 7.3
Temporal: 7.3
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2.39.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32465 None

CVE-2024-34064 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-34064
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.4/TemporalScore:5.4
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/13/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-34064
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM python-jinja2 (CBL-Mariner) Unknown Unknown None Base: 5.4
Temporal: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
3.0.3-4 Unknown None
CBL Mariner 2.0 x64 python-jinja2 (CBL-Mariner) Unknown Unknown None Base: 5.4
Temporal: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
3.0.3-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-34064 None

CVE-2024-34062 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-34062
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:4.8/TemporalScore:4.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/07/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-34062
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM python-tqdm (CBL-Mariner) Unknown Unknown None Base: 4.8
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
4.63.1-3 Unknown None
CBL Mariner 2.0 x64 python-tqdm (CBL-Mariner) Unknown Unknown None Base: 4.8
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
4.63.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-34062 None

CVE-2024-5564 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5564
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.1/TemporalScore:8.1
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5564
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libndp (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1.8-2 Unknown None
Azure Linux 3.0 x64 libndp (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1.8-2 Unknown None
CBL Mariner 2.0 ARM libndp (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1.8-2 Unknown None
CBL Mariner 2.0 x64 libndp (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1.8-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5564 None

CVE-2024-3817 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-3817
MITRE
NVD

Issuing CNA: security@hashicorp.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/22/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-3817
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM terraform (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.3.2-14 Unknown None
CBL Mariner 2.0 x64 terraform (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.3.2-14 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-3817 None

CVE-2024-37535 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-37535
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-37535
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM vte291 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
0.66.2-3 Unknown None
CBL Mariner 2.0 x64 vte291 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
0.66.2-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-37535 None

CVE-2024-5458 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5458
MITRE
NVD

Issuing CNA: security@php.net

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5458
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM php (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
8.3.8-1 Unknown None
Azure Linux 3.0 x64 php (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
8.3.8-1 Unknown None
CBL Mariner 2.0 ARM php (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
8.1.29-1 Unknown None
CBL Mariner 2.0 x64 php (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
8.1.29-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5458 None

CVE-2024-5585 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5585
MITRE
NVD

Issuing CNA: security@php.net

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5585
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM php (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.3.8-1 Unknown None
Azure Linux 3.0 x64 php (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.3.8-1 Unknown None
CBL Mariner 2.0 ARM php (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1.29-1 Unknown None
CBL Mariner 2.0 x64 php (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1.29-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5585 None

CVE-2007-2768 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2007-2768
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09/25/2020    

Information published.


2.0    12/16/2021    

Added openssh to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2007-2768
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM openssh (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
9.5p1-2 Unknown None
Azure Linux 3.0 x64 openssh (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
9.5p1-2 Unknown None
CBL Mariner 1.0 ARM openssh (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
8.5p1-3 Unknown None
CBL Mariner 1.0 x64 openssh (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
8.5p1-3 Unknown None
CBL Mariner 2.0 ARM openssh (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
8.8p1-2 Unknown None
CBL Mariner 2.0 x64 openssh (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
8.8p1-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2007-2768 None

CVE-2024-38428 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38428
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38428
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM wget (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.21.2-3 Unknown None
CBL Mariner 2.0 x64 wget (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.21.2-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38428 None

CVE-2008-0888 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2008-0888
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09/25/2020    

Information published.


2.0    12/16/2021    

Added unzip to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2008-0888
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-20 Unknown None
Azure Linux 3.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-20 Unknown None
CBL Mariner 1.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-16 Unknown None
CBL Mariner 1.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-16 Unknown None
CBL Mariner 2.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-19 Unknown None
CBL Mariner 2.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-19 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2008-0888 None

CVE-2012-6687 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2012-6687
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added fcgi to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2012-6687
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM fcgi (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.4.0-7 Unknown None
Azure Linux 3.0 x64 fcgi (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.4.0-7 Unknown None
CBL Mariner 1.0 ARM fcgi (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.4.0-7 Unknown None
CBL Mariner 1.0 x64 fcgi (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.4.0-7 Unknown None
CBL Mariner 2.0 ARM fcgi (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.4.0-7 Unknown None
CBL Mariner 2.0 x64 fcgi (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.4.0-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2012-6687 None

CVE-2024-4068 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-4068
MITRE
NVD

Issuing CNA: oss-report@checkmarx.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/17/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-4068
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
CBL Mariner 2.0 ARM reaper (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1.1-9 Unknown None
CBL Mariner 2.0 x64 reaper (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1.1-9 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-4068 None

CVE-2010-2891 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2010-2891
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/16/2021    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2010-2891
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libsmi (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
0.4.8-28 Unknown None
Azure Linux 3.0 x64 libsmi (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
0.4.8-28 Unknown None
CBL Mariner 2.0 ARM libsmi (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
0.4.8-27 Unknown None
CBL Mariner 2.0 x64 libsmi (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
0.4.8-27 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2010-2891 None

CVE-2013-4420 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2013-4420
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added libtar to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2013-4420
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.2.20-11 Unknown None
Azure Linux 3.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.2.20-11 Unknown None
CBL Mariner 1.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.2.20-8 Unknown None
CBL Mariner 1.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.2.20-8 Unknown None
CBL Mariner 2.0 ARM libtar (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.2.20-8 Unknown None
CBL Mariner 2.0 x64 libtar (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.2.20-8 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2013-4420 None

CVE-2013-4342 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2013-4342
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/20/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2013-4342
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM xinetd (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.3.15-14 Unknown None
Azure Linux 3.0 x64 xinetd (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.3.15-14 Unknown None
CBL Mariner 1.0 ARM xinetd (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.3.15-13 Unknown None
CBL Mariner 1.0 x64 xinetd (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.3.15-13 Unknown None
CBL Mariner 2.0 ARM xinetd (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.3.15-14 Unknown None
CBL Mariner 2.0 x64 xinetd (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.3.15-14 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2013-4342 None

CVE-2013-6381 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2013-6381
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/10/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2013-6381
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-4 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-4 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
5.15.148.2-2 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
5.15.148.2-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2013-6381 None

CVE-2014-0069 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2014-0069
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/06/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2014-0069
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-4 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-4 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
5.15.148.2-2 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
5.15.148.2-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2014-0069 None

CVE-2014-3185 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2014-3185
MITRE
NVD

Issuing CNA: chrome-cve-admin@google.com

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/16/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2014-3185
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.22.1-2 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.22.1-2 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
5.15.153.1-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
5.15.153.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2014-3185 None

CVE-2014-8139 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2014-8139
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added unzip to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2014-8139
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-20 Unknown None
Azure Linux 3.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-20 Unknown None
CBL Mariner 1.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-16 Unknown None
CBL Mariner 1.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-16 Unknown None
CBL Mariner 2.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-19 Unknown None
CBL Mariner 2.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-19 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2014-8139 None

CVE-2014-8140 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2014-8140
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added unzip to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2014-8140
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-20 Unknown None
Azure Linux 3.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-20 Unknown None
CBL Mariner 1.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-16 Unknown None
CBL Mariner 1.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-16 Unknown None
CBL Mariner 2.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-19 Unknown None
CBL Mariner 2.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-19 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2014-8140 None

CVE-2014-8141 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2014-8141
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added unzip to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2014-8141
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-20 Unknown None
Azure Linux 3.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-20 Unknown None
CBL Mariner 1.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-16 Unknown None
CBL Mariner 1.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-16 Unknown None
CBL Mariner 2.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-19 Unknown None
CBL Mariner 2.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-19 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2014-8141 None

CVE-2014-9913 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2014-9913
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:4/TemporalScore:4
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added unzip to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2014-9913
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 4
Temporal: 4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.0-20 Unknown None
Azure Linux 3.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 4
Temporal: 4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.0-20 Unknown None
CBL Mariner 1.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 4
Temporal: 4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.0-15 Unknown None
CBL Mariner 1.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 4
Temporal: 4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.0-15 Unknown None
CBL Mariner 2.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 4
Temporal: 4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.0-19 Unknown None
CBL Mariner 2.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 4
Temporal: 4
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.0-19 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2014-9913 None

CVE-2014-9636 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2014-9636
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added unzip to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2014-9636
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-20 Unknown None
Azure Linux 3.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-20 Unknown None
CBL Mariner 1.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-16 Unknown None
CBL Mariner 1.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-16 Unknown None
CBL Mariner 2.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-19 Unknown None
CBL Mariner 2.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-19 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2014-9636 None

CVE-2015-2987 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2015-2987
MITRE
NVD

Issuing CNA: vultures@jpcert.or.jp

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added ed to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2015-2987
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ed (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.20-1 Unknown None
Azure Linux 3.0 x64 ed (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.20-1 Unknown None
CBL Mariner 1.0 ARM ed (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.2-8 Unknown None
CBL Mariner 1.0 x64 ed (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.2-8 Unknown None
CBL Mariner 2.0 ARM ed (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.2-9 Unknown None
CBL Mariner 2.0 x64 ed (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.2-9 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2015-2987 None

CVE-2015-5157 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2015-5157
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/16/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2015-5157
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.22.1-2 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.22.1-2 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
5.15.153.1-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
5.15.153.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2015-5157 None

CVE-2015-7696 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2015-7696
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added unzip to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2015-7696
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-20 Unknown None
Azure Linux 3.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-20 Unknown None
CBL Mariner 1.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-15 Unknown None
CBL Mariner 1.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-15 Unknown None
CBL Mariner 2.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-19 Unknown None
CBL Mariner 2.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.0-19 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2015-7696 None

CVE-2018-1000035 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-1000035
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added unzip to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-1000035
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-20 Unknown None
Azure Linux 3.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-20 Unknown None
CBL Mariner 1.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-16 Unknown None
CBL Mariner 1.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-16 Unknown None
CBL Mariner 2.0 ARM unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-19 Unknown None
CBL Mariner 2.0 x64 unzip (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.0-19 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-1000035 None

CVE-2017-3612 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-3612
MITRE
NVD

Issuing CNA: secalert_us@oracle.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/30/2021    

Information published.


2.0    12/16/2021    

Added libdb to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-3612
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
Azure Linux 3.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 1.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 1.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-5 Unknown None
CBL Mariner 2.0 ARM libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None
CBL Mariner 2.0 x64 libdb (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.3.28-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-3612 None

CVE-2018-1000097 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-1000097
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/16/2021    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-1000097
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM sharutils (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.15.2-21 Unknown None
Azure Linux 3.0 x64 sharutils (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.15.2-21 Unknown None
CBL Mariner 2.0 ARM sharutils (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.15.2-20 Unknown None
CBL Mariner 2.0 x64 sharutils (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.15.2-20 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-1000097 None

CVE-2018-20969 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-20969
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added patch to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-20969
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-9 Unknown None
Azure Linux 3.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-9 Unknown None
CBL Mariner 1.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-7 Unknown None
CBL Mariner 1.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-7 Unknown None
CBL Mariner 2.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-7 Unknown None
CBL Mariner 2.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-20969 None

CVE-2018-1999023 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-1999023
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-1999023
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-1999023 None

CVE-2018-20169 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-20169
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.8/TemporalScore:6.8
Base score metrics
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/16/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-20169
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 6.8
Temporal: 6.8
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.6.22.1-2 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 6.8
Temporal: 6.8
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.6.22.1-2 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 6.8
Temporal: 6.8
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.15.148.2-2 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 6.8
Temporal: 6.8
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.15.148.2-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-20169 None

CVE-2018-20346 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-20346
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.1/TemporalScore:8.1
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-20346
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-20346 None

CVE-2018-20505 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-20505
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-20505
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-20505 None

CVE-2018-20506 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-20506
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.1/TemporalScore:8.1
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-20506
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2018-20506 None

CVE-2019-13636 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-13636
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


2.0    12/16/2021    

Added patch to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-13636
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2.7.6-9 Unknown None
Azure Linux 3.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2.7.6-9 Unknown None
CBL Mariner 1.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2.7.6-7 Unknown None
CBL Mariner 1.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2.7.6-7 Unknown None
CBL Mariner 2.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2.7.6-7 Unknown None
CBL Mariner 2.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2.7.6-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-13636 None

CVE-2019-13638 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-13638
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09/25/2020    

Information published.


2.0    12/16/2021    

Added patch to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-13638
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-9 Unknown None
Azure Linux 3.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-9 Unknown None
CBL Mariner 1.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-7 Unknown None
CBL Mariner 1.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-7 Unknown None
CBL Mariner 2.0 ARM patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-7 Unknown None
CBL Mariner 2.0 x64 patch (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.7.6-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-13638 None

CVE-2019-14274 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-14274
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/16/2021    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-14274
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM mcpp (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.7.2-28 Unknown None
Azure Linux 3.0 x64 mcpp (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.7.2-28 Unknown None
CBL Mariner 2.0 ARM mcpp (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.7.2-28 Unknown None
CBL Mariner 2.0 x64 mcpp (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.7.2-28 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-14274 None

CVE-2019-19645 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-19645
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-19645
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-19645 None

CVE-2019-19646 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-19646
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-19646
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-19646 None

CVE-2019-20503 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-20503
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/17/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-20503
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM usrsctp (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.9.5.0-1 Unknown None
Azure Linux 3.0 x64 usrsctp (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.9.5.0-1 Unknown None
CBL Mariner 2.0 ARM usrsctp (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.9.5.0-1 Unknown None
CBL Mariner 2.0 x64 usrsctp (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.9.5.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-20503 None

CVE-2019-8457 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-8457
MITRE
NVD

Issuing CNA: cve@checkpoint.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-8457
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-8457 None

CVE-2020-11655 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-11655
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-11655
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-11655 None

CVE-2019-9741 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-9741
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.1/TemporalScore:6.1
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-9741
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM python-tensorboard (CBL-Mariner) Unknown Unknown None Base: 6.1
Temporal: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2.16.2-1 Unknown None
Azure Linux 3.0 x64 python-tensorboard (CBL-Mariner) Unknown Unknown None Base: 6.1
Temporal: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2.16.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-9741 None

CVE-2020-11656 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-11656
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-11656
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-11656 None

CVE-2020-13630 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-13630
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-13630
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-13630 None

CVE-2020-13632 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-13632
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-13632
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-13632 None

CVE-2020-13631 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-13631
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-13631
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ceph (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
18.2.1-1 Unknown None
Azure Linux 3.0 x64 ceph (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
18.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-13631 None

CVE-2020-15586 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-15586
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/18/2020    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-15586
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM python-tensorboard (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.2-1 Unknown None
Azure Linux 3.0 x64 python-tensorboard (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.2-1 Unknown None
CBL Mariner 1.0 ARM golang (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1.15.13-1 Unknown None
CBL Mariner 1.0 x64 golang (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1.15.13-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-15586 None

CVE-2021-3115 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-3115
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-3115
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM python-tensorboard (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
2.16.2-1 Unknown None
Azure Linux 3.0 x64 python-tensorboard (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
2.16.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-3115 None

CVE-2020-18032 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-18032
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09/27/2021    

Information published.


2.0    12/16/2021    

Added graphviz to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-18032
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM graphviz (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.42.4-10 Unknown None
Azure Linux 3.0 x64 graphviz (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.42.4-10 Unknown None
CBL Mariner 1.0 ARM graphviz (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.42.4-5 Unknown None
CBL Mariner 1.0 x64 graphviz (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.42.4-5 Unknown None
CBL Mariner 2.0 ARM graphviz (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.42.4-6 Unknown None
CBL Mariner 2.0 x64 graphviz (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.42.4-6 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2020-18032 None

CVE-2021-26720 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-26720
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/16/2021    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-26720
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM avahi (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.8-1 Unknown None
Azure Linux 3.0 x64 avahi (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.8-1 Unknown None
CBL Mariner 2.0 ARM avahi (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.8-1 Unknown None
CBL Mariner 2.0 x64 avahi (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.8-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-26720 None

CVE-2021-27378 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-27378
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-27378
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM librsvg2 (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.58.1-1 Unknown None
Azure Linux 3.0 x64 librsvg2 (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.58.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-27378 None

CVE-2021-3468 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-3468
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/16/2021    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-3468
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM avahi (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.8-1 Unknown None
Azure Linux 3.0 x64 avahi (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.8-1 Unknown None
CBL Mariner 2.0 ARM avahi (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.8-1 Unknown None
CBL Mariner 2.0 x64 avahi (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.8-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-3468 None

CVE-2021-3502 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-3502
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-3502
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM avahi (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.8-1 Unknown None
Azure Linux 3.0 x64 avahi (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.8-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-3502 None

CVE-2021-36373 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36373
MITRE
NVD

Issuing CNA: security@apache.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/17/2021    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36373
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM javapackages-bootstrap (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.14.0-2 Unknown None
Azure Linux 3.0 x64 javapackages-bootstrap (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.14.0-2 Unknown None
CBL Mariner 1.0 ARM ant (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.10.11-1 Unknown None
CBL Mariner 1.0 x64 ant (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.10.11-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36373 None

CVE-2021-38190 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38190
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38190
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM librsvg2 (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.58.1-1 Unknown None
Azure Linux 3.0 x64 librsvg2 (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.58.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38190 None

CVE-2021-3981 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-3981
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:3.3/TemporalScore:3.3
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/15/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-3981
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.06-14 Unknown None
Azure Linux 3.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.06-14 Unknown None
CBL Mariner 1.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.06~rc1-8 Unknown None
CBL Mariner 1.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.06~rc1-8 Unknown None
CBL Mariner 2.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.06-5 Unknown None
CBL Mariner 2.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 3.3
Temporal: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.06-5 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-3981 None

CVE-2021-45985 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-45985
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/15/2023    

Information published.


2.0    04/19/2023    

Added memcached to CBL-Mariner 2.0 Added ntopng to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-45985
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ntopng (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.2.1-2 Unknown None
Azure Linux 3.0 x64 ntopng (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.2.1-2 Unknown None
CBL Mariner 2.0 ARM lua (CBL-Mariner)
memcached (CBL-Mariner)
ntopng (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.4.3-5
1.6.13-3
5.2.1-2
None
CBL Mariner 2.0 x64 lua (CBL-Mariner)
memcached (CBL-Mariner)
ntopng (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.4.3-5
1.6.13-3
5.2.1-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-45985 None

CVE-2021-44716 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-44716
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/13/2022    

Information published.


2.0    11/08/2023    

Added kured to CBL-Mariner 2.0


3.0    01/24/2024    

Added flannel to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added libcontainers-common to CBL-Mariner 2.0 Added local-path-provisioner to CBL-Mariner 2.0


4.0    04/11/2024    

Added cri-o to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-44716
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM keda (CBL-Mariner)
moby-engine (CBL-Mariner)
node-problem-detector (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.14.0-1
25.0.3-1
0.8.15-1
None
Azure Linux 3.0 x64 keda (CBL-Mariner)
moby-engine (CBL-Mariner)
node-problem-detector (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.14.0-1
25.0.3-1
0.8.15-1
None
CBL Mariner 1.0 ARM golang (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.16.12-1 Unknown None
CBL Mariner 1.0 x64 golang (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.16.12-1 Unknown None
CBL Mariner 2.0 ARM application-gateway-kubernetes-ingress (CBL-Mariner)
cf-cli (CBL-Mariner)
cri-o (CBL-Mariner)
csi-driver-lvm (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.4.0-19
8.4.0-16
1.21.7-2
0.4.1-15
None
CBL Mariner 2.0 x64 application-gateway-kubernetes-ingress (CBL-Mariner)
cf-cli (CBL-Mariner)
cri-o (CBL-Mariner)
csi-driver-lvm (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.4.0-19
8.4.0-16
1.21.7-2
0.4.1-15
None

Acknowledgements

CVE ID Acknowledgements
CVE-2021-44716 None

CVE-2022-1996 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-1996
MITRE
NVD

Issuing CNA: security@huntr.dev

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.1/TemporalScore:9.1
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-1996
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM sriov-network-device-plugin (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
3.7.0-1 Unknown None
Azure Linux 3.0 x64 sriov-network-device-plugin (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
3.7.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-1996 None

CVE-2022-2097 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-2097
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/19/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-2097
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hvloader (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1.0.1-2 Unknown None
Azure Linux 3.0 x64 hvloader (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1.0.1-2 Unknown None
CBL Mariner 1.0 ARM openssl (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1.1.1k-12 Unknown None
CBL Mariner 1.0 x64 openssl (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1.1.1k-12 Unknown None
CBL Mariner 2.0 ARM openssl (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1.1.1k-20 Unknown None
CBL Mariner 2.0 x64 openssl (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1.1.1k-20 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-2097 None

CVE-2022-28391 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-28391
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/13/2022    

Information published.


2.0    04/14/2022    

Added busybox to CBL-Mariner 1.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-28391
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM busybox (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1.36.1-3 Unknown None
Azure Linux 3.0 x64 busybox (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1.36.1-3 Unknown None
CBL Mariner 1.0 ARM busybox (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1.34.1-2 Unknown None
CBL Mariner 1.0 x64 busybox (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1.34.1-2 Unknown None
CBL Mariner 2.0 ARM busybox (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1.35.0-2 Unknown None
CBL Mariner 2.0 x64 busybox (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1.35.0-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-28391 None

CVE-2022-28733 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-28733
MITRE
NVD

Issuing CNA: security@ubuntu.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.1/TemporalScore:8.1
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/29/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-28733
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2.06-14 Unknown None
Azure Linux 3.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2.06-14 Unknown None
CBL Mariner 2.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2.06-12 Unknown None
CBL Mariner 2.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 8.1
Temporal: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2.06-12 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-28733 None

CVE-2022-28734 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-28734
MITRE
NVD

Issuing CNA: security@ubuntu.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:7
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/29/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-28734
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
2.06-14 Unknown None
Azure Linux 3.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
2.06-14 Unknown None
CBL Mariner 2.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
2.06-12 Unknown None
CBL Mariner 2.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 7
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
2.06-12 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-28734 None

CVE-2022-28805 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-28805
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.1/TemporalScore:9.1
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/15/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-28805
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ntopng (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
5.2.1-3 Unknown None
Azure Linux 3.0 x64 ntopng (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
5.2.1-3 Unknown None
CBL Mariner 1.0 ARM lua (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
5.3.5-9 Unknown None
CBL Mariner 1.0 x64 lua (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
5.3.5-9 Unknown None
CBL Mariner 2.0 ARM lua (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
5.4.3-2 Unknown None
CBL Mariner 2.0 x64 lua (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
5.4.3-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-28805 None

CVE-2022-29526 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-29526
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/08/2023    

Information published.


2.0    01/24/2024    

Added nmi to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0


3.0    04/11/2024    

Added cri-o to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-29526
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM keda (CBL-Mariner)
moby-engine (CBL-Mariner)
node-problem-detector (CBL-Mariner)
prometheus (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2.14.0-1
25.0.3-1
0.8.15-1
2.45.4-1
None
Azure Linux 3.0 x64 keda (CBL-Mariner)
moby-engine (CBL-Mariner)
node-problem-detector (CBL-Mariner)
prometheus (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2.14.0-1
25.0.3-1
0.8.15-1
2.45.4-1
None
CBL Mariner 2.0 ARM azcopy (CBL-Mariner)
cri-o (CBL-Mariner)
git-lfs (CBL-Mariner)
kata-containers (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
10.24.0-1
1.21.7-2
3.4.1-1
3.2.0.azl2-1
None
CBL Mariner 2.0 x64 azcopy (CBL-Mariner)
cri-o (CBL-Mariner)
git-lfs (CBL-Mariner)
kata-containers (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
10.24.0-1
1.21.7-2
3.4.1-1
3.2.0.azl2-1
None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-29526 None

CVE-2022-31394 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-31394
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/27/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-31394
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM rpm-ostree (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2022.1-7 Unknown None
Azure Linux 3.0 x64 rpm-ostree (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2022.1-7 Unknown None
CBL Mariner 2.0 ARM rpm-ostree (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2022.1-4 Unknown None
CBL Mariner 2.0 x64 rpm-ostree (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2022.1-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-31394 None

CVE-2022-35260 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-35260
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-35260
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-35260 None

CVE-2022-36765 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-36765
MITRE
NVD

Issuing CNA: infosec@edk2.groups.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-36765
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 2.0 ARM hvloader (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.0.1-3 Unknown None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.0.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-36765 None

CVE-2022-36764 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-36764
MITRE
NVD

Issuing CNA: infosec@edk2.groups.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-36764
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 2.0 ARM hvloader (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.0.1-3 Unknown None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.0.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-36764 None

CVE-2022-37434 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-37434
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/12/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-37434
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM crash (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.0.4-2 Unknown None
Azure Linux 3.0 x64 crash (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.0.4-2 Unknown None
CBL Mariner 1.0 ARM zlib (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.2.12-2 Unknown None
CBL Mariner 1.0 x64 zlib (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.2.12-2 Unknown None
CBL Mariner 2.0 ARM zlib (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.2.12-2 Unknown None
CBL Mariner 2.0 x64 zlib (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.2.12-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-37434 None

CVE-2022-37616 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-37616
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-37616
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM python-tensorboard (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.16.2-1 Unknown None
Azure Linux 3.0 x64 python-tensorboard (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.16.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-37616 None

CVE-2022-39353 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-39353
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-39353
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM python-tensorboard (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.16.2-1 Unknown None
Azure Linux 3.0 x64 python-tensorboard (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.16.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-39353 None

CVE-2022-41717 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41717
MITRE
NVD

Issuing CNA: security@golang.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityLow
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/13/2022    

Information published.


2.0    01/24/2024    

Added sriov-network-device-plugin to CBL-Mariner 2.0


3.0    02/12/2024    

Added nmi to CBL-Mariner 2.0


4.0    04/11/2024    

Added cri-o to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41717
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM moby-engine (CBL-Mariner)
prometheus (CBL-Mariner)
sriov-network-device-plugin (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
25.0.3-1
2.45.4-1
3.7.0-1
None
Azure Linux 3.0 x64 moby-engine (CBL-Mariner)
prometheus (CBL-Mariner)
sriov-network-device-plugin (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
25.0.3-1
2.45.4-1
3.7.0-1
None
CBL Mariner 1.0 ARM golang (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1.18.8-2 Unknown None
CBL Mariner 1.0 x64 golang (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1.18.8-2 Unknown None
CBL Mariner 2.0 ARM azcopy (CBL-Mariner)
cri-o (CBL-Mariner)
golang (CBL-Mariner)
moby-cli (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
10.24.0-1
1.22.3-1
1.18.8-2
24.0.9-1
None
CBL Mariner 2.0 x64 azcopy (CBL-Mariner)
cri-o (CBL-Mariner)
golang (CBL-Mariner)
moby-cli (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
10.24.0-1
1.22.3-1
1.18.8-2
24.0.9-1
None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41717 None

CVE-2022-40320 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-40320
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.8
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09/16/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-40320
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM libconfuse (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.3-2 Unknown None
Azure Linux 3.0 x64 libconfuse (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.3-2 Unknown None
CBL Mariner 1.0 ARM libconfuse (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.3-2 Unknown None
CBL Mariner 1.0 x64 libconfuse (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.3-2 Unknown None
CBL Mariner 2.0 ARM libconfuse (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.3-2 Unknown None
CBL Mariner 2.0 x64 libconfuse (CBL-Mariner) Unknown Unknown None Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.3-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-40320 None

CVE-2022-41723 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-41723
MITRE
NVD

Issuing CNA: security@golang.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/10/2023    

Information published.


1.0    04/05/2023    

Information published.


2.0    05/17/2023    

Added kubevirt to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-41723
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kubevirt (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2.0-1 Unknown None
Azure Linux 3.0 x64 kubevirt (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2.0-1 Unknown None
CBL Mariner 2.0 ARM golang (CBL-Mariner)
kubevirt (CBL-Mariner)
skopeo (CBL-Mariner)
telegraf (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.21.6-1
0.59.0-15
1.12.0-3
1.26.0-2
None
CBL Mariner 2.0 x64 golang (CBL-Mariner)
kubevirt (CBL-Mariner)
skopeo (CBL-Mariner)
telegraf (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.21.6-1
0.59.0-15
1.12.0-3
1.26.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-41723 None

CVE-2022-43551 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-43551
MITRE
NVD

Issuing CNA: cve-assignments@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/05/2023    

Information published.


2.0    01/12/2023    

Added cmake to CBL-Mariner 1.0 Added cmake to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-43551
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.21.4-10
2.16.1-1
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.21.4-10
2.16.1-1
None
CBL Mariner 1.0 ARM cmake (CBL-Mariner)
curl (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.21.4-3
7.86.0-2
None
CBL Mariner 1.0 x64 cmake (CBL-Mariner)
curl (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.21.4-3
7.86.0-2
None
CBL Mariner 2.0 ARM cmake (CBL-Mariner)
curl (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.21.4-3
7.86.0-2
None
CBL Mariner 2.0 x64 cmake (CBL-Mariner)
curl (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.21.4-3
7.86.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-43551 None

CVE-2022-43552 - Open Source Curl Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-43552
MITRE
NVD

Issuing CNA: HackerOne

CVE Title: Open Source Curl Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics

Executive Summary:
None
FAQ:

What is the curl open-source project?

Curl is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various network protocols. The name stands for "Client for URL". The Windows implementation provides access to the command-line tool, not the library.

What version of curl addresses this CVE?

Curl version 7.87.0 addresses this vulnerability.

Where can I find more information about this curl vulnerability?

More information can be found at NVD and curl.se.

Are there any workarounds that can be implemented?

Preventing the execution of curl.exe is a workaround to be considered.

Use a WDAC policy to deny execution of the \system32\curl.exe executable. You can merge the deny rule into an existing policy or create a new policy with it using the Merge-CIPolicy cmdlet; see "Merge-CIPolicy (ConfigCI)" on Microsoft Learn. Once the policy XML file with the deny rule has been created or merged with an existing policy, it must be deployed.

Choose how to deploy the policy; see "Deploying Windows Defender Application Control (WDAC) policies" on Microsoft Learn.

For example:

Create a new policy (these steps create a new policy named Deny-Curl.xml by merging the deny rule with the example policy named AllowAll.xml):

# Build a deny rule for curl.exe at the FilePublisher level
$rule = New-CIPolicyRule -DriverFilePath "$env:systemroot\system32\curl.exe" -Level FilePublisher -Deny
# Set the file version range on the rule
$rule[0].attributes["MinimumFileVersion"] = "0.0.0.0"
$rule[0].attributes["MaximumFileVersion"] = "7.87.0.0"

# Merge the rule with the AllowAll example policy and write the result to Deny-Curl.xml
Merge-CIPolicy "$env:systemroot\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml" -Rules $rule -OutputFilePath "Deny-Curl.xml"

Merge into an existing policy:

# Build the same deny rule for curl.exe
$rule = New-CIPolicyRule -DriverFilePath "$env:systemroot\system32\curl.exe" -Level FilePublisher -Deny
$rule[0].attributes["MinimumFileVersion"] = "0.0.0.0"
$rule[0].attributes["MaximumFileVersion"] = "7.87.0.0"

# Merge the rule into the existing policy file, overwriting it in place
Merge-CIPolicy "existing_policy.xml" -Rules $rule -OutputFilePath "existing_policy.xml"

How to undo this workaround?

Guidance on how to remove WDAC policies can be found in the following documentation: Remove Windows Defender Application Control (WDAC) policies.


Mitigations:
None
Workarounds:
None
Revision:
1.0    02/10/2023    

Information published.


1.1    03/14/2023    

CVE updated to add Windows software as Microsoft is aware that certain versions of Windows are affected by the cURL vulnerability. Microsoft will incorporate the new cURL Open Source library that addresses this issue in an upcoming security release.


2.0    04/11/2023    

Microsoft is announcing the availability of the April 2023 security updates to address this vulnerability for all supported versions of Windows 10 version 1809, Windows 10 version 20H2, Windows 10 version 21H2, Windows 10 version 22H2, Windows 11 version 21H2, Windows 11 version 22H2, Windows Server 2019, and Windows Server 2022. Microsoft strongly recommends that customers install the April 2023 updates to be fully protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.


2.1    04/12/2023    

Updated FAQ information. This is an informational change only.


1.0    06/30/2024    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-43552
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
3.28.2-1
2.16.1-1
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
3.28.2-1
2.16.1-1
None
CBL Mariner 1.0 ARM curl (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.86.0-3 Unknown None
CBL Mariner 1.0 x64 curl (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.86.0-3 Unknown None
CBL Mariner 2.0 ARM curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.86.0-3
8.0.33-1
1.72.0-2
None
CBL Mariner 2.0 x64 curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.86.0-3
8.0.33-1
1.72.0-2
None
Windows 10 Version 1809 for 32-bit Systems 5025229 (Security Update) Important Remote Code Execution 5023702
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
10.0.17763.4252
Yes 5025229
Windows 10 Version 1809 for ARM64-based Systems 5025229 (Security Update) Important Remote Code Execution 5023702
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
10.0.17763.4252
Yes 5025229
Windows 10 Version 1809 for x64-based Systems 5025229 (Security Update) Important Remote Code Execution 5023702
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
10.0.17763.4252
Yes 5025229
Windows 10 Version 20H2 for 32-bit Systems 5025221 (Security Update) Important Remote Code Execution 5023696
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
10.0.19042.2846
Yes 5025221
Windows 10 Version 20H2 for ARM64-based Systems 5025221 (Security Update) Important Remote Code Execution 5023696
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
10.0.19042.2846
Yes 5025221
Windows 10 Version 21H2 for 32-bit Systems 5025221 (Security Update) Important Remote Code Execution
5023696
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

10.0.19044.2846
Yes 5025221
Windows 10 Version 21H2 for ARM64-based Systems 5025221 (Security Update) Important Remote Code Execution
5023696
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

10.0.19044.2846
Yes 5025221
Windows 10 Version 21H2 for x64-based Systems 5025221 (Security Update) Important Remote Code Execution
5023696
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

10.0.19044.2846
Yes 5025221
Windows 10 Version 22H2 for 32-bit Systems 5025221 (Security Update) Important Remote Code Execution
5023696
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

10.0.19045.2846
Yes 5025221
Windows 10 Version 22H2 for ARM64-based Systems 5025221 (Security Update) Important Remote Code Execution
5023696
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

10.0.19045.2846
Yes 5025221
Windows 10 Version 22H2 for x64-based Systems 5025221 (Security Update) Important Remote Code Execution
5023696
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

10.0.19045.2846
Yes 5025221
Windows 11 version 21H2 for ARM64-based Systems 5025224 (Security Update) Important Remote Code Execution 5023698
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
10.0.22000.1817
Yes 5025224
Windows 11 version 21H2 for x64-based Systems 5025224 (Security Update) Important Remote Code Execution 5023698
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
10.0.22000.1817
Yes 5025224
Windows 11 Version 22H2 for ARM64-based Systems 5025239 (Security Update) Important Remote Code Execution 5023706
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
10.0.22621.1555
Yes 5025239
Windows 11 Version 22H2 for x64-based Systems 5025239 (Security Update) Important Remote Code Execution 5023706
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
10.0.22621.1555
Yes 5025239
Windows Server 2019 5025229 (Security Update) Important Remote Code Execution 5023702
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
10.0.17763.4252
Yes 5025229
Windows Server 2019 (Server Core installation) 5025229 (Security Update) Important Remote Code Execution 5023702
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
10.0.17763.4252
Yes 5025229
Windows Server 2022 5025230 (Security Update) Important Remote Code Execution 5023705
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
10.0.20348.1668
Yes 5025230
Windows Server 2022 (Server Core installation) 5025230 (Security Update) Important Remote Code Execution 5023705
Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
10.0.20348.1668
Yes 5025230

Acknowledgements

CVE ID Acknowledgements
CVE-2022-43552 Stefan Kanthak


CVE-2022-4415 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-4415
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/17/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-4415
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM systemd-bootstrap (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
250.3-15 Unknown None
Azure Linux 3.0 x64 systemd-bootstrap (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
250.3-15 Unknown None
CBL Mariner 2.0 ARM systemd (CBL-Mariner)
systemd-bootstrap (CBL-Mariner)
Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
250.3-13
250.3-12
None
CBL Mariner 2.0 x64 systemd (CBL-Mariner)
systemd-bootstrap (CBL-Mariner)
Unknown Unknown Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
250.3-13
250.3-12
None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-4415 None

CVE-2022-4450 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-4450
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/13/2023    

Information published.


1.0    02/14/2023    

Information published.


3.0    04/06/2024    

Added hvloader to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-4450
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 1.0 ARM openssl (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.1.1k-13 Unknown None
CBL Mariner 1.0 x64 openssl (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.1.1k-13 Unknown None
CBL Mariner 2.0 ARM cloud-hypervisor (CBL-Mariner)
hvloader (CBL-Mariner)
openssl (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
30.0-2
1.0.1-3
1.1.1k-21
1.72.0-2
None
CBL Mariner 2.0 x64 cloud-hypervisor (CBL-Mariner)
hvloader (CBL-Mariner)
openssl (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
30.0-2
1.0.1-3
1.1.1k-21
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-4450 None

CVE-2022-4515 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-4515
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/30/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-4515
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ctags (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1.0-1 Unknown None
Azure Linux 3.0 x64 ctags (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1.0-1 Unknown None
CBL Mariner 2.0 ARM ctags (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
5.9.20220619.0-7 Unknown None
CBL Mariner 2.0 x64 ctags (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
5.9.20220619.0-7 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-4515 None

CVE-2022-48285 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-48285
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.3/TemporalScore:7.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/02/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-48285
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM mozjs (CBL-Mariner) Unknown Unknown None Base: 7.3
Temporal: 7.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
102.15.1-1 Unknown None
Azure Linux 3.0 x64 mozjs (CBL-Mariner) Unknown Unknown None Base: 7.3
Temporal: 7.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
102.15.1-1 Unknown None
CBL Mariner 1.0 ARM mozjs60 (CBL-Mariner) Unknown Unknown None Base: 7.3
Temporal: 7.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
60.9.0-13 Unknown None
CBL Mariner 1.0 x64 mozjs60 (CBL-Mariner) Unknown Unknown None Base: 7.3
Temporal: 7.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
60.9.0-13 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-48285 None

CVE-2022-48579 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-48579
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/14/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-48579
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM clamav (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.105.2-4 Unknown None
Azure Linux 3.0 x64 clamav (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.105.2-4 Unknown None
CBL Mariner 2.0 ARM clamav (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.105.2-2 Unknown None
CBL Mariner 2.0 x64 clamav (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.105.2-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-48579 None

CVE-2022-4904 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-4904
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.6/TemporalScore:8.6
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/07/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-4904
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grpc (CBL-Mariner) Unknown Unknown None Base: 8.6
Temporal: 8.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1.62.0-2 Unknown None
Azure Linux 3.0 x64 grpc (CBL-Mariner) Unknown Unknown None Base: 8.6
Temporal: 8.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1.62.0-2 Unknown None
CBL Mariner 1.0 ARM c-ares (CBL-Mariner) Unknown Unknown None Base: 8.6
Temporal: 8.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1.19.0-1 Unknown None
CBL Mariner 1.0 x64 c-ares (CBL-Mariner) Unknown Unknown None Base: 8.6
Temporal: 8.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1.19.0-1 Unknown None
CBL Mariner 2.0 ARM c-ares (CBL-Mariner)
nodejs (CBL-Mariner)
python-gevent (CBL-Mariner)
Unknown Unknown Base: 8.6
Temporal: 8.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1.19.0-1
16.20.1-2
21.1.2-1
None
CBL Mariner 2.0 x64 c-ares (CBL-Mariner)
nodejs (CBL-Mariner)
python-gevent (CBL-Mariner)
Unknown Unknown Base: 8.6
Temporal: 8.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1.19.0-1
16.20.1-2
21.1.2-1
None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-4904 None

CVE-2023-0215 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-0215
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/13/2023    

Information published.


2.0    02/14/2023    

Added openssl to CBL-Mariner 2.0 Added openssl to CBL-Mariner 1.0


3.0    04/06/2024    

Added hvloader to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-0215
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 1.0 ARM openssl (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.1.1k-13 Unknown None
CBL Mariner 1.0 x64 openssl (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.1.1k-13 Unknown None
CBL Mariner 2.0 ARM cloud-hypervisor (CBL-Mariner)
hvloader (CBL-Mariner)
openssl (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
30.0-2
1.0.1-3
1.1.1k-21
1.72.0-2
None
CBL Mariner 2.0 x64 cloud-hypervisor (CBL-Mariner)
hvloader (CBL-Mariner)
openssl (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
30.0-2
1.0.1-3
1.1.1k-21
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-0215 None

CVE-2023-0286 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-0286
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.4/TemporalScore:7.4
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/19/2023    

Information published.


2.0    02/28/2023    

Added cloud-hypervisor to CBL-Mariner 2.0


3.0    04/06/2024    

Added hvloader to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-0286
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 7.4
Temporal: 7.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
20240223gitedc6681206c1-1 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 7.4
Temporal: 7.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
20240223gitedc6681206c1-1 Unknown None
CBL Mariner 1.0 ARM openssl (CBL-Mariner) Unknown Unknown None Base: 7.4
Temporal: 7.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1.1.1k-13 Unknown None
CBL Mariner 1.0 x64 openssl (CBL-Mariner) Unknown Unknown None Base: 7.4
Temporal: 7.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1.1.1k-13 Unknown None
CBL Mariner 2.0 ARM cloud-hypervisor (CBL-Mariner)
hvloader (CBL-Mariner)
openssl (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 7.4
Temporal: 7.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
30.0-2
1.0.1-3
1.1.1k-21
1.72.0-2
None
CBL Mariner 2.0 x64 cloud-hypervisor (CBL-Mariner)
hvloader (CBL-Mariner)
openssl (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 7.4
Temporal: 7.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
30.0-2
1.0.1-3
1.1.1k-21
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-0286 None

CVE-2023-0464 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-0464
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/27/2023    

Information published.


2.0    04/24/2023    

Added nodejs18 to CBL-Mariner 2.0


3.0    10/11/2023    

Added edk2 to CBL-Mariner 2.0


4.0    04/06/2024    

Added hvloader to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-0464
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20230301gitf80f052277c8-37 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20230301gitf80f052277c8-37 Unknown None
CBL Mariner 1.0 ARM openssl (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.1.1k-15 Unknown None
CBL Mariner 1.0 x64 openssl (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.1.1k-15 Unknown None
CBL Mariner 2.0 ARM edk2 (CBL-Mariner)
hvloader (CBL-Mariner)
nodejs18 (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20230301gitf80f052277c8-34
1.0.1-3
18.17.1-2
1.1.1k-22
None
CBL Mariner 2.0 x64 edk2 (CBL-Mariner)
hvloader (CBL-Mariner)
nodejs18 (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20230301gitf80f052277c8-34
1.0.1-3
18.17.1-2
1.1.1k-22
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-0464 None

CVE-2023-1668 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-1668
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.2/TemporalScore:8.2
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/11/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-1668
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM openvswitch (CBL-Mariner) Unknown Unknown None Base: 8.2
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
2.17.5-3 Unknown None
Azure Linux 3.0 x64 openvswitch (CBL-Mariner) Unknown Unknown None Base: 8.2
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
2.17.5-3 Unknown None
CBL Mariner 2.0 ARM openvswitch (CBL-Mariner) Unknown Unknown None Base: 8.2
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
2.17.5-2 Unknown None
CBL Mariner 2.0 x64 openvswitch (CBL-Mariner) Unknown Unknown None Base: 8.2
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
2.17.5-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-1668 None

CVE-2023-22466 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-22466
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.4/TemporalScore:5.4
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/12/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-22466
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kata-containers (CBL-Mariner)
netavark (CBL-Mariner)
rpm-ostree (CBL-Mariner)
Unknown Unknown Base: 5.4
Temporal: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
3.2.0.azl0-2
1.10.3-1
2024.4-1
None
Azure Linux 3.0 x64 kata-containers (CBL-Mariner)
netavark (CBL-Mariner)
rpm-ostree (CBL-Mariner)
Unknown Unknown Base: 5.4
Temporal: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
3.2.0.azl0-2
1.10.3-1
2024.4-1
None
CBL Mariner 2.0 ARM kata-containers (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.4
Temporal: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
3.2.0.azl0-1
1.72.0-2
None
CBL Mariner 2.0 x64 kata-containers (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.4
Temporal: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
3.2.0.azl0-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-22466 None

CVE-2023-2253 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-2253
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/07/2023    

Information published.


1.0    06/08/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-2253
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM moby-engine (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
25.0.3-1 Unknown None
Azure Linux 3.0 x64 moby-engine (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
25.0.3-1 Unknown None
CBL Mariner 2.0 ARM helm (CBL-Mariner)
moby-cli (CBL-Mariner)
moby-compose (CBL-Mariner)
moby-engine (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
3.13.2-1
20.10.27-1
2.17.3-5
None
CBL Mariner 2.0 x64 helm (CBL-Mariner)
moby-cli (CBL-Mariner)
moby-compose (CBL-Mariner)
moby-engine (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
3.13.2-1
20.10.27-1
2.17.3-5
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-2253 None

CVE-2023-23914 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-23914
MITRE
NVD

Issuing CNA: cve-assignments@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.1/TemporalScore:9.1
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/24/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-23914
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
3.21.4-10
2.16.1-1
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
3.21.4-10
2.16.1-1
None
CBL Mariner 1.0 ARM curl (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.88.1-1 Unknown None
CBL Mariner 1.0 x64 curl (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.88.1-1 Unknown None
CBL Mariner 2.0 ARM cmake (CBL-Mariner)
curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
3.21.4-6
7.88.1-1
8.0.33-1
1.72.0-2
None
CBL Mariner 2.0 x64 cmake (CBL-Mariner)
curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
3.21.4-6
7.88.1-1
8.0.33-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-23914 None

CVE-2023-23915 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-23915
MITRE
NVD

Issuing CNA: cve-assignments@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/24/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-23915
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
3.28.2-1
2.16.1-1
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
3.28.2-1
2.16.1-1
None
CBL Mariner 1.0 ARM curl (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
7.88.1-1 Unknown None
CBL Mariner 1.0 x64 curl (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
7.88.1-1 Unknown None
CBL Mariner 2.0 ARM curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
7.88.1-1
8.0.33-1
1.72.0-2
None
CBL Mariner 2.0 x64 curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
7.88.1-1
8.0.33-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-23915 None

CVE-2023-25663 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25663
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25663
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25663 None

CVE-2023-25671 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25671
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25671
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25671 None

CVE-2023-25801 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-25801
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-25801
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-25801 None

CVE-2023-26159 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-26159
MITRE
NVD

Issuing CNA: report@snyk.io

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.1/TemporalScore:6.1
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/08/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-26159
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM python-tensorboard (CBL-Mariner) Unknown Unknown None Base: 6.1
Temporal: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2.16.2-1 Unknown None
Azure Linux 3.0 x64 python-tensorboard (CBL-Mariner) Unknown Unknown None Base: 6.1
Temporal: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2.16.2-1 Unknown None
CBL Mariner 2.0 ARM reaper (CBL-Mariner) Unknown Unknown None Base: 6.1
Temporal: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3.1.1-8 Unknown None
CBL Mariner 2.0 x64 reaper (CBL-Mariner) Unknown Unknown None Base: 6.1
Temporal: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3.1.1-8 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-26159 None

CVE-2023-26484 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-26484
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.2/TemporalScore:8.2
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-26484
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kubevirt (CBL-Mariner) Unknown Unknown None Base: 8.2
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
1.2.0-1 Unknown None
Azure Linux 3.0 x64 kubevirt (CBL-Mariner) Unknown Unknown None Base: 8.2
Temporal: 8.2
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
1.2.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-26484 None

CVE-2023-2650 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-2650
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/05/2023    

Information published.


2.0    06/06/2023    

Added rust to CBL-Mariner 2.0


3.0    10/11/2023    

Added edk2 to CBL-Mariner 2.0


4.0    04/06/2024    

Added hvloader to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-2650
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM edk2 (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20230301gitf80f052277c8-37 Unknown None
Azure Linux 3.0 x64 edk2 (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20230301gitf80f052277c8-37 Unknown None
CBL Mariner 1.0 ARM openssl (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.1.1k-16 Unknown None
CBL Mariner 1.0 x64 openssl (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.1.1k-16 Unknown None
CBL Mariner 2.0 ARM edk2 (CBL-Mariner)
hvloader (CBL-Mariner)
openssl (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20230301gitf80f052277c8-37
1.0.1-3
1.1.1k-24
1.72.0-2
None
CBL Mariner 2.0 x64 edk2 (CBL-Mariner)
hvloader (CBL-Mariner)
openssl (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20230301gitf80f052277c8-37
1.0.1-3
1.1.1k-24
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-2650 None

CVE-2023-27533 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-27533
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/01/2023    

Information published.


1.0    04/04/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-27533
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.28.2-1
2.16.1-1
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.28.2-1
2.16.1-1
None
CBL Mariner 2.0 ARM curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.0.1-1
8.0.34-1
1.72.0-2
None
CBL Mariner 2.0 x64 curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.0.1-1
8.0.34-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-27533 None

CVE-2023-27534 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-27534
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:8.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/01/2023    

Information published.


1.0    04/03/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-27534
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.28.2-1
2.16.1-1
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.28.2-1
2.16.1-1
None
CBL Mariner 2.0 ARM curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0.1-1
8.0.34-1
1.72.0-2
None
CBL Mariner 2.0 x64 curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 8.8
Temporal: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0.1-1
8.0.34-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-27534 None

CVE-2023-27535 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-27535
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/01/2023    

Information published.


1.0    04/03/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-27535
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
3.28.2-1
2.16.1-1
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
3.28.2-1
2.16.1-1
None
CBL Mariner 2.0 ARM curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
8.0.1-1
8.0.34-1
1.72.0-2
None
CBL Mariner 2.0 x64 curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
8.0.1-1
8.0.34-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-27535 None

CVE-2023-27536 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-27536
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/01/2023    

Information published.


1.0    04/03/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-27536
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
3.28.2-1
2.16.1-1
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
3.28.2-1
2.16.1-1
None
CBL Mariner 2.0 ARM curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
8.0.1-1
8.0.34-1
1.72.0-2
None
CBL Mariner 2.0 x64 curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
8.0.1-1
8.0.34-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-27536 None

CVE-2023-2816 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-2816
MITRE
NVD

Issuing CNA: security@hashicorp.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    07/17/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-2816
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM telegraf (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1.29.4-1 Unknown None
Azure Linux 3.0 x64 telegraf (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1.29.4-1 Unknown None
CBL Mariner 2.0 ARM telegraf (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1.28.5-1 Unknown None
CBL Mariner 2.0 x64 telegraf (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1.28.5-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-2816 None

CVE-2023-27579 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-27579
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-27579
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-27579 None

CVE-2023-28319 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-28319
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/27/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-28319
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2.16.1-1 Unknown None
CBL Mariner 2.0 ARM curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.2.1-1
8.0.34-1
1.72.0-2
None
CBL Mariner 2.0 x64 curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.2.1-1
8.0.34-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-28319 None

CVE-2023-28320 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-28320
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/27/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-28320
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
3.28.2-1
2.16.1-1
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
tensorflow (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
3.28.2-1
2.16.1-1
None
CBL Mariner 2.0 ARM curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2.1-1
8.0.34-1
1.72.0-2
None
CBL Mariner 2.0 x64 curl (CBL-Mariner)
mysql (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2.1-1
8.0.34-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-28320 None

CVE-2023-28736 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-28736
MITRE
NVD

Issuing CNA: secure@intel.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.7/TemporalScore:6.7
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-28736
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM mdadm (CBL-Mariner) Unknown Unknown None Base: 6.7
Temporal: 6.7
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.2-1 Unknown None
Azure Linux 3.0 x64 mdadm (CBL-Mariner) Unknown Unknown None Base: 6.7
Temporal: 6.7
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-28736 None

CVE-2023-28938 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-28938
MITRE
NVD

Issuing CNA: secure@intel.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:4.4/TemporalScore:4.4
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-28938
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM mdadm (CBL-Mariner) Unknown Unknown None Base: 4.4
Temporal: 4.4
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.2-1 Unknown None
Azure Linux 3.0 x64 mdadm (CBL-Mariner) Unknown Unknown None Base: 4.4
Temporal: 4.4
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-28938 None

CVE-2023-2977 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-2977
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.1/TemporalScore:7.1
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/06/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-2977
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM opensc (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
0.25.1-3 Unknown None
Azure Linux 3.0 x64 opensc (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
0.25.1-3 Unknown None
CBL Mariner 1.0 ARM opensc (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
0.22.0-2 Unknown None
CBL Mariner 1.0 x64 opensc (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
0.22.0-2 Unknown None
CBL Mariner 2.0 ARM opensc (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
0.22.0-3 Unknown None
CBL Mariner 2.0 x64 opensc (CBL-Mariner) Unknown Unknown None Base: 7.1
Temporal: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
0.22.0-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-2977 None

CVE-2023-29941 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-29941
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-29941
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-29941 None

CVE-2023-31130 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-31130
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.4/TemporalScore:6.4
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/30/2023    

Information published.


2.0    05/31/2023    

Added nodejs to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-31130
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grpc (CBL-Mariner) Unknown Unknown None Base: 6.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1.62.0-2 Unknown None
Azure Linux 3.0 x64 grpc (CBL-Mariner) Unknown Unknown None Base: 6.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1.62.0-2 Unknown None
CBL Mariner 1.0 ARM c-ares (CBL-Mariner) Unknown Unknown None Base: 6.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1.19.1-1 Unknown None
CBL Mariner 1.0 x64 c-ares (CBL-Mariner) Unknown Unknown None Base: 6.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1.19.1-1 Unknown None
CBL Mariner 2.0 ARM c-ares (CBL-Mariner)
fluent-bit (CBL-Mariner)
nodejs (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 6.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1.19.1-1
2.1.10-1
16.20.1-2
18.17.1-2
None
CBL Mariner 2.0 x64 c-ares (CBL-Mariner)
fluent-bit (CBL-Mariner)
nodejs (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 6.4
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1.19.1-1
2.1.10-1
16.20.1-2
18.17.1-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-31130 None

CVE-2023-31147 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-31147
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/29/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-31147
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grpc (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1.62.0-2 Unknown None
Azure Linux 3.0 x64 grpc (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1.62.0-2 Unknown None
CBL Mariner 1.0 ARM c-ares (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1.19.1-1 Unknown None
CBL Mariner 1.0 x64 c-ares (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1.19.1-1 Unknown None
CBL Mariner 2.0 ARM c-ares (CBL-Mariner)
fluent-bit (CBL-Mariner)
nodejs (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1.19.1-1
2.1.10-1
16.20.1-2
18.17.1-2
None
CBL Mariner 2.0 x64 c-ares (CBL-Mariner)
fluent-bit (CBL-Mariner)
nodejs (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1.19.1-1
2.1.10-1
16.20.1-2
18.17.1-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-31147 None

CVE-2023-32067 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-32067
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/30/2023    

Information published.


2.0    05/31/2023    

Added nodejs to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-32067
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grpc (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.62.0-2 Unknown None
Azure Linux 3.0 x64 grpc (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.62.0-2 Unknown None
CBL Mariner 1.0 ARM c-ares (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.19.1-1 Unknown None
CBL Mariner 1.0 x64 c-ares (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.19.1-1 Unknown None
CBL Mariner 2.0 ARM c-ares (CBL-Mariner)
fluent-bit (CBL-Mariner)
nodejs (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.19.1-1
2.1.10-1
16.20.1-2
18.17.1-2
None
CBL Mariner 2.0 x64 c-ares (CBL-Mariner)
fluent-bit (CBL-Mariner)
nodejs (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.19.1-1
2.1.10-1
16.20.1-2
18.17.1-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-32067 None

CVE-2023-32001 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-32001
MITRE
NVD

Issuing CNA: support@hackerone.com

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-32001
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.16.1-1 Unknown None
CBL Mariner 2.0 ARM curl (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
8.2.1-1
1.72.0-2
None
CBL Mariner 2.0 x64 curl (CBL-Mariner)
rust (CBL-Mariner)
Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
8.2.1-1
1.72.0-2
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-32001 None

CVE-2023-32731 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-32731
MITRE
NVD

Issuing CNA: cve-coordination@google.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-32731
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grpc (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.62.0-2 Unknown None
Azure Linux 3.0 x64 grpc (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.62.0-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-32731 None

CVE-2023-32732 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-32732
MITRE
NVD

Issuing CNA: cve-coordination@google.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-32732
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grpc (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1.62.0-2 Unknown None
Azure Linux 3.0 x64 grpc (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1.62.0-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-32732 None

CVE-2023-3341 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-3341
MITRE
NVD

Issuing CNA: security-officer@isc.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-3341
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.19.21-1 Unknown None
Azure Linux 3.0 x64 bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.19.21-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-3341 None

CVE-2023-33953 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-33953
MITRE
NVD

Issuing CNA: cve-coordination@google.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-33953
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grpc (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.62.0-2 Unknown None
Azure Linux 3.0 x64 grpc (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.62.0-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-33953 None

CVE-2023-33460 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-33460
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2023    

Information published.


2.0    06/14/2023    

Added yajl to CBL-Mariner 1.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-33460
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM yajl (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.1.0-19 Unknown None
Azure Linux 3.0 x64 yajl (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.1.0-19 Unknown None
CBL Mariner 1.0 ARM yajl (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.1.0-18 Unknown None
CBL Mariner 1.0 x64 yajl (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.1.0-18 Unknown None
CBL Mariner 2.0 ARM yajl (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.1.0-19 Unknown None
CBL Mariner 2.0 x64 yajl (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2.1.0-19 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-33460 None

CVE-2023-40660 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-40660
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.6/TemporalScore:6.6
Base score metrics
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-40660
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM opensc (CBL-Mariner) Unknown Unknown None Base: 6.6
Temporal: 6.6
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.25.1-3 Unknown None
Azure Linux 3.0 x64 opensc (CBL-Mariner) Unknown Unknown None Base: 6.6
Temporal: 6.6
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.25.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-40660 None

CVE-2023-3978 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-3978
MITRE
NVD

Issuing CNA: security@golang.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.1/TemporalScore:6.1
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    08/08/2023    

Information published.


2.0    01/18/2024    

Added packer to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-3978
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kubevirt (CBL-Mariner)
telegraf (CBL-Mariner)
Unknown Unknown Base: 6.1
Temporal: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1.2.0-1
1.29.4-1
None
Azure Linux 3.0 x64 kubevirt (CBL-Mariner)
telegraf (CBL-Mariner)
Unknown Unknown Base: 6.1
Temporal: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1.2.0-1
1.29.4-1
None
CBL Mariner 2.0 ARM packer (CBL-Mariner)
telegraf (CBL-Mariner)
Unknown Unknown Base: 6.1
Temporal: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1.10.1-1
1.27.4-1
None
CBL Mariner 2.0 x64 packer (CBL-Mariner)
telegraf (CBL-Mariner)
Unknown Unknown Base: 6.1
Temporal: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1.10.1-1
1.27.4-1
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-3978 None

CVE-2023-40661 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-40661
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.4/TemporalScore:6.4
Base score metrics
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-40661
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM opensc (CBL-Mariner) Unknown Unknown None Base: 6.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
0.25.1-3 Unknown None
Azure Linux 3.0 x64 opensc (CBL-Mariner) Unknown Unknown None Base: 6.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
0.25.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-40661 None

CVE-2023-41051 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-41051
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09/05/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-41051
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kata-containers (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
3.2.0.azl0-2 Unknown None
Azure Linux 3.0 x64 kata-containers (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
3.2.0.azl0-2 Unknown None
CBL Mariner 2.0 ARM kata-containers (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
3.2.0.azl0-1 Unknown None
CBL Mariner 2.0 x64 kata-containers (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
3.2.0.azl0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-41051 None

CVE-2023-46136 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-46136
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/30/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-46136
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM python-werkzeug (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.0.1-1 Unknown None
Azure Linux 3.0 x64 python-werkzeug (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.0.1-1 Unknown None
CBL Mariner 2.0 ARM python-werkzeug (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.3.7-1 Unknown None
CBL Mariner 2.0 x64 python-werkzeug (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.3.7-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-46136 None

CVE-2023-46129 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-46129
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/07/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-46129
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM telegraf (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.29.4-1 Unknown None
Azure Linux 3.0 x64 telegraf (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.29.4-1 Unknown None
CBL Mariner 2.0 ARM telegraf (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.27.4-1 Unknown None
CBL Mariner 2.0 x64 telegraf (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1.27.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-46129 None

CVE-2023-46752 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-46752
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/30/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-46752
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM frr (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
9.1-2 Unknown None
Azure Linux 3.0 x64 frr (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
9.1-2 Unknown None
CBL Mariner 2.0 ARM frr (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
8.5.3-3 Unknown None
CBL Mariner 2.0 x64 frr (CBL-Mariner) Unknown Unknown None Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
8.5.3-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-46752 None

CVE-2023-47108 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-47108
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/14/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-47108
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM docker-buildx (CBL-Mariner)
docker-compose (CBL-Mariner)
moby-containerd-cc (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.14.0-1
2.27.0-1
1.7.7-3
None
Azure Linux 3.0 x64 docker-buildx (CBL-Mariner)
docker-compose (CBL-Mariner)
moby-containerd-cc (CBL-Mariner)
Unknown Unknown Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.14.0-1
2.27.0-1
1.7.7-3
None
CBL Mariner 2.0 ARM moby-containerd-cc (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.7.2-3 Unknown None
CBL Mariner 2.0 x64 moby-containerd-cc (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1.7.2-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-47108 None

CVE-2023-4693 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-4693
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:4.6/TemporalScore:4.6
Base score metrics
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/27/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-4693
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 4.6
Temporal: 4.6
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2.06-18 Unknown None
Azure Linux 3.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 4.6
Temporal: 4.6
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2.06-18 Unknown None
CBL Mariner 2.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 4.6
Temporal: 4.6
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2.06-13 Unknown None
CBL Mariner 2.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 4.6
Temporal: 4.6
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2.06-13 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-4693 None

CVE-2023-47235 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-47235
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/07/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-47235
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM frr (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.1-2 Unknown None
Azure Linux 3.0 x64 frr (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.1-2 Unknown None
CBL Mariner 2.0 ARM frr (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.5.3-4 Unknown None
CBL Mariner 2.0 x64 frr (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.5.3-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-47235 None

CVE-2023-47090 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-47090
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/06/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-47090
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM telegraf (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1.29.4-1 Unknown None
Azure Linux 3.0 x64 telegraf (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1.29.4-1 Unknown None
CBL Mariner 2.0 ARM telegraf (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1.28.5-1 Unknown None
CBL Mariner 2.0 x64 telegraf (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1.28.5-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-47090 None

CVE-2023-47234 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-47234
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    11/07/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-47234
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM frr (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.1-2 Unknown None
Azure Linux 3.0 x64 frr (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.1-2 Unknown None
CBL Mariner 2.0 ARM frr (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.5.3-4 Unknown None
CBL Mariner 2.0 x64 frr (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.5.3-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-47234 None

CVE-2023-4807 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-4807
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    10/11/2023    

Information published.


1.0    01/21/2024    

Information published.


3.0    03/07/2024    

Added kata-containers to CBL-Mariner 2.0


4.0    04/06/2024    

Added hvloader to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-4807
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kata-containers-cc (CBL-Mariner)
kata-containers (CBL-Mariner)
Unknown Unknown Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.2.0.azl1-1 None
Azure Linux 3.0 x64 kata-containers (CBL-Mariner)
kata-containers-cc (CBL-Mariner)
Unknown Unknown Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.2.0.azl1-1 None
CBL Mariner 2.0 ARM hvloader (CBL-Mariner)
kata-containers (CBL-Mariner)
kata-containers-cc (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.0.1-3
3.2.0.azl1-1
18.20.2-1
None
CBL Mariner 2.0 x64 hvloader (CBL-Mariner)
kata-containers (CBL-Mariner)
kata-containers-cc (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.0.1-3
3.2.0.azl1-1
18.20.2-1
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-4807 None

CVE-2023-48795 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-48795
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.9/TemporalScore:5.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/25/2023    

Information published.


2.0    12/27/2023    

Added moby-cli to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-48795
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM docker-buildx (CBL-Mariner)
kubernetes (CBL-Mariner)
telegraf (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
0.14.0-1
1.30.1-1
1.29.4-1
None
Azure Linux 3.0 x64 docker-buildx (CBL-Mariner)
kubernetes (CBL-Mariner)
telegraf (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
0.14.0-1
1.30.1-1
1.29.4-1
None
CBL Mariner 2.0 ARM cert-manager (CBL-Mariner)
erlang (CBL-Mariner)
kubernetes (CBL-Mariner)
libssh (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1.11.2-7
25.2-2
1.28.4-4
0.10.6-1
None
CBL Mariner 2.0 x64 cert-manager (CBL-Mariner)
erlang (CBL-Mariner)
kubernetes (CBL-Mariner)
libssh (CBL-Mariner)
Unknown Unknown Base: 5.9
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1.11.2-7
25.2-2
1.28.4-4
0.10.6-1
None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-48795 None

CVE-2023-49083 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-49083
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/04/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-49083
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM python-cryptography (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
42.0.5-1 Unknown None
Azure Linux 3.0 x64 python-cryptography (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
42.0.5-1 Unknown None
CBL Mariner 2.0 ARM python-cryptography (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.3.2-6 Unknown None
CBL Mariner 2.0 x64 python-cryptography (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.3.2-6 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-49083 None

CVE-2023-49990 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-49990
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-49990
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM espeak-ng (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1.51.1-1 Unknown None
Azure Linux 3.0 x64 espeak-ng (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1.51.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-49990 None

CVE-2023-50658 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-50658
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/29/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-50658
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM telegraf (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.29.4-1 Unknown None
Azure Linux 3.0 x64 telegraf (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.29.4-1 Unknown None
CBL Mariner 2.0 ARM telegraf (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.29.4-1 Unknown None
CBL Mariner 2.0 x64 telegraf (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.29.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-50658 None

CVE-2023-50782 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-50782
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-50782
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM python-cryptography (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
42.0.5-1 Unknown None
Azure Linux 3.0 x64 python-cryptography (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
42.0.5-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-50782 None

CVE-2023-5115 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-5115
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.3/TemporalScore:6.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-5115
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM ansible (CBL-Mariner) Unknown Unknown None Base: 6.3
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
2.17.0-1 Unknown None
Azure Linux 3.0 x64 ansible (CBL-Mariner) Unknown Unknown None Base: 6.3
Temporal: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
2.17.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-5115 None

CVE-2024-1151 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-1151
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-1151
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.22.1-2 Unknown None
Azure Linux 3.0 x64 hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.22.1-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-1151 None

CVE-2023-51257 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-51257
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-51257
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM jasper (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.2.1-1 Unknown None
Azure Linux 3.0 x64 jasper (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.2.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-51257 None

CVE-2024-0985 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-0985
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:8/TemporalScore:8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/12/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-0985
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM postgresql (CBL-Mariner) Unknown Unknown None Base: 8
Temporal: 8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
16.3-1 Unknown None
Azure Linux 3.0 x64 postgresql (CBL-Mariner) Unknown Unknown None Base: 8
Temporal: 8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
16.3-1 Unknown None
CBL Mariner 2.0 ARM postgresql (CBL-Mariner) Unknown Unknown None Base: 8
Temporal: 8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
14.11-1 Unknown None
CBL Mariner 2.0 x64 postgresql (CBL-Mariner) Unknown Unknown None Base: 8
Temporal: 8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
14.11-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-0985 None

CVE-2023-51384 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-51384
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/25/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-51384
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM openssh (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
9.7p1-1 Unknown None
Azure Linux 3.0 x64 openssh (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
9.7p1-1 Unknown None
CBL Mariner 2.0 ARM openssh (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
8.9p1-3 Unknown None
CBL Mariner 2.0 x64 openssh (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
8.9p1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-51384 None

CVE-2024-1086 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-1086
MITRE
NVD

Issuing CNA: security@google.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/06/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-1086
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.22.1-2 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.22.1-2 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5.15.153.1-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5.15.153.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-1086 None

CVE-2024-1454 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-1454
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:3.4/TemporalScore:3.4
Base score metrics
Attack Vector: Physical
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-1454
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM opensc (CBL-Mariner) Unknown Unknown None Base: 3.4
Temporal: 3.4
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
0.25.1-3 Unknown None
Azure Linux 3.0 x64 opensc (CBL-Mariner) Unknown Unknown None Base: 3.4
Temporal: 3.4
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
0.25.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-1454 None

CVE-2023-51385 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-51385
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/25/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-51385
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM openssh (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
9.7p1-1 Unknown None
Azure Linux 3.0 x64 openssh (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
9.7p1-1 Unknown None
CBL Mariner 2.0 ARM openssh (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
8.9p1-3 Unknown None
CBL Mariner 2.0 x64 openssh (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
8.9p1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-51385 None

CVE-2023-51714 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-51714
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/21/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-51714
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM qtbase (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.6.2-1 Unknown None
Azure Linux 3.0 x64 qtbase (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.6.2-1 Unknown None
CBL Mariner 2.0 ARM qt5-qtbase (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.12.11-10 Unknown None
CBL Mariner 2.0 x64 qt5-qtbase (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.12.11-10 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-51714 None

CVE-2023-51764 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-51764
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/06/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-51764
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM postfix (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3.9.0-1 Unknown None
Azure Linux 3.0 x64 postfix (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3.9.0-1 Unknown None
CBL Mariner 2.0 ARM postfix (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3.7.0-3 Unknown None
CBL Mariner 2.0 x64 postfix (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3.7.0-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-51764 None

CVE-2023-52071 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-52071
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-52071
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM tensorflow (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.16.1-1 Unknown None
Azure Linux 3.0 x64 tensorflow (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.16.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-52071 None

CVE-2023-51779 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-51779
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-51779
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None
Azure Linux 3.0 x64 hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-51779 None

CVE-2023-6111 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-6111
MITRE
NVD

Issuing CNA: security@google.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/12/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-6111
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-4 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.29.1-4 Unknown None
CBL Mariner 2.0 ARM hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5.15.143.1-1 Unknown None
CBL Mariner 2.0 x64 hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5.15.143.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-6111 None

CVE-2023-6129 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-6129
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/16/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-6129
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
20.14.0-1
3.3.0-1
None
Azure Linux 3.0 x64 nodejs (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
20.14.0-1
3.3.0-1
None
CBL Mariner 2.0 ARM nodejs18 (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
18.20.2-1 Unknown None
CBL Mariner 2.0 x64 nodejs18 (CBL-Mariner) Unknown Unknown None Base: 6.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
18.20.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-6129 None

CVE-2023-6516 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-6516
MITRE
NVD

Issuing CNA: security-officer@isc.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/19/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-6516
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.19.21-1 Unknown None
Azure Linux 3.0 x64 bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.19.21-1 Unknown None
CBL Mariner 2.0 ARM bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.16.48-1 Unknown None
CBL Mariner 2.0 x64 bind (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.16.48-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-6516 None

CVE-2023-6237 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-6237
MITRE
NVD

Issuing CNA: openssl-security@openssl.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/25/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-6237
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
20.14.0-1
3.3.0-1
None
Azure Linux 3.0 x64 nodejs (CBL-Mariner)
openssl (CBL-Mariner)
Unknown Unknown Base: N/A
Temporal: N/A
Vector: N/A
20.14.0-1
3.3.0-1
None
CBL Mariner 2.0 ARM nodejs18 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
18.20.2-1 Unknown None
CBL Mariner 2.0 x64 nodejs18 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
18.20.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-6237 None

CVE-2024-2313 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-2313
MITRE
NVD

Issuing CNA: security@ubuntu.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:2.8/TemporalScore:2.8
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-2313
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM bpftrace (CBL-Mariner) Unknown Unknown None Base: 2.8
Temporal: 2.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L
0.20.3-1 Unknown None
Azure Linux 3.0 x64 bpftrace (CBL-Mariner) Unknown Unknown None Base: 2.8
Temporal: 2.8
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L
0.20.3-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-2313 None

CVE-2024-23651 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-23651
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.4/TemporalScore:7.4
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/05/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-23651
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM moby-engine (CBL-Mariner) Unknown Unknown None Base: 7.4
Temporal: 7.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
25.0.3-1 Unknown None
Azure Linux 3.0 x64 moby-engine (CBL-Mariner) Unknown Unknown None Base: 7.4
Temporal: 7.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
25.0.3-1 Unknown None
CBL Mariner 2.0 ARM moby-engine (CBL-Mariner) Unknown Unknown None Base: 7.4
Temporal: 7.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
20.10.27-4 Unknown None
CBL Mariner 2.0 x64 moby-engine (CBL-Mariner) Unknown Unknown None Base: 7.4
Temporal: 7.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
20.10.27-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-23651 None

CVE-2024-23650 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-23650
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/05/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-23650
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM docker-buildx (CBL-Mariner)
docker-compose (CBL-Mariner)
moby-engine (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
0.14.0-1
2.27.0-1
25.0.3-1
None
Azure Linux 3.0 x64 docker-buildx (CBL-Mariner)
docker-compose (CBL-Mariner)
moby-engine (CBL-Mariner)
Unknown Unknown Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
0.14.0-1
2.27.0-1
25.0.3-1
None
CBL Mariner 2.0 ARM moby-compose (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2.17.3-5 Unknown None
CBL Mariner 2.0 x64 moby-compose (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2.17.3-5 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-23650 None

CVE-2024-23653 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-23653
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/05/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-23653
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM docker-buildx (CBL-Mariner)
docker-compose (CBL-Mariner)
moby-engine (CBL-Mariner)
Unknown Unknown Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.14.0-1
2.27.0-1
25.0.3-1
None
Azure Linux 3.0 x64 docker-buildx (CBL-Mariner)
docker-compose (CBL-Mariner)
moby-engine (CBL-Mariner)
Unknown Unknown Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.14.0-1
2.27.0-1
25.0.3-1
None
CBL Mariner 2.0 ARM moby-cli (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
24.0.9-1 Unknown None
CBL Mariner 2.0 x64 moby-cli (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
24.0.9-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-23653 None

CVE-2024-27038 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27038
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27038
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None
Azure Linux 3.0 x64 hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27038 None

CVE-2024-24258 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-24258
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-24258
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM freeglut (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.4.0-1 Unknown None
Azure Linux 3.0 x64 freeglut (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.4.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-24258 None

CVE-2024-23652 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-23652
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.1/TemporalScore:9.1
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/05/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-23652
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM moby-engine (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
25.0.3-1 Unknown None
Azure Linux 3.0 x64 moby-engine (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
25.0.3-1 Unknown None
CBL Mariner 2.0 ARM moby-engine (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
20.10.27-4 Unknown None
CBL Mariner 2.0 x64 moby-engine (CBL-Mariner) Unknown Unknown None Base: 9.1
Temporal: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
20.10.27-4 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-23652 None

CVE-2024-27061 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27061
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27061
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None
Azure Linux 3.0 x64 hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27061 None

CVE-2024-27051 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27051
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27051
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None
Azure Linux 3.0 x64 hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27051 None

CVE-2024-24259 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-24259
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:7.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-24259
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM freeglut (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.4.0-1 Unknown None
Azure Linux 3.0 x64 freeglut (CBL-Mariner) Unknown Unknown None Base: 7.5
Temporal: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.4.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-24259 None

CVE-2024-27045 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27045
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27045
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None
Azure Linux 3.0 x64 hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27045 None

CVE-2024-24557 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-24557
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/12/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-24557
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM moby-engine (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
25.0.3-1 Unknown None
Azure Linux 3.0 x64 moby-engine (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
25.0.3-1 Unknown None
CBL Mariner 2.0 ARM moby-engine (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
24.0.9-1 Unknown None
CBL Mariner 2.0 x64 moby-engine (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
24.0.9-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-24557 None

CVE-2024-27037 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27037
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27037
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None
Azure Linux 3.0 x64 hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27037 None

CVE-2024-27058 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27058
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27058
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None
Azure Linux 3.0 x64 hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27058 None

CVE-2024-27078 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-27078
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-27078
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None
Azure Linux 3.0 x64 hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-27078 None

CVE-2024-24758 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-24758
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:3.9/TemporalScore:3.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-24758
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM nodejs (CBL-Mariner) Unknown Unknown None Base: 3.9
Temporal: 3.9
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
20.14.0-1 Unknown None
Azure Linux 3.0 x64 nodejs (CBL-Mariner) Unknown Unknown None Base: 3.9
Temporal: 3.9
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
20.14.0-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-24758 None

CVE-2024-29158 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-29158
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-29158
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-29158 None

CVE-2024-24806 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-24806
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.3/TemporalScore:7.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    02/12/2024    

Information published.


2.0    02/15/2024    

Added libuv to CBL-Mariner 2.0


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-24806
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM cmake (CBL-Mariner)
libuv (CBL-Mariner)
nodejs (CBL-Mariner)
Unknown Unknown Base: 7.3
Temporal: 7.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3.28.2-6
1.48.0-1
20.14.0-1
None
Azure Linux 3.0 x64 cmake (CBL-Mariner)
libuv (CBL-Mariner)
nodejs (CBL-Mariner)
Unknown Unknown Base: 7.3
Temporal: 7.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3.28.2-6
1.48.0-1
20.14.0-1
None
CBL Mariner 2.0 ARM libuv (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 7.3
Temporal: 7.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1.43.0-2
18.18.2-4
None
CBL Mariner 2.0 x64 libuv (CBL-Mariner)
nodejs18 (CBL-Mariner)
Unknown Unknown Base: 7.3
Temporal: 7.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1.43.0-2
18.18.2-4
None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-24806 None

CVE-2024-29159 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-29159
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-29159
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-29159 None

CVE-2024-26581 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26581
MITRE
NVD

Issuing CNA: cve@kernel.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/04/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26581
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.22.1-2 Unknown None
Azure Linux 3.0 x64 hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.22.1-2 Unknown None
CBL Mariner 2.0 ARM hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5.15.153.1-1 Unknown None
CBL Mariner 2.0 x64 hyperv-daemons (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5.15.153.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26581 None

CVE-2024-25620 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-25620
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.4/TemporalScore:6.4
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-25620
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM helm (CBL-Mariner) Unknown Unknown None Base: 6.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
3.13.2-3 Unknown None
Azure Linux 3.0 x64 helm (CBL-Mariner) Unknown Unknown None Base: 6.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
3.13.2-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-25620 None

CVE-2024-26455 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26455
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/04/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26455
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM fluent-bit (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
3.0.3-1 Unknown None
Azure Linux 3.0 x64 fluent-bit (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
3.0.3-1 Unknown None
CBL Mariner 2.0 ARM fluent-bit (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.2.3-1 Unknown None
CBL Mariner 2.0 x64 fluent-bit (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
2.2.3-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26455 None

CVE-2024-26582 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26582
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:7.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26582
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.22.1-2 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 7.8
Temporal: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.6.22.1-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26582 None

CVE-2024-29160 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-29160
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-29160
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-29160 None

CVE-2024-26583 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26583
MITRE
NVD

Issuing CNA: cve@kernel.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/16/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26583
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hyperv-daemons (CBL-Mariner)
kernel (CBL-Mariner)
Unknown Unknown Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.22.1-2 None
Azure Linux 3.0 x64 hyperv-daemons (CBL-Mariner)
kernel (CBL-Mariner)
Unknown Unknown Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.22.1-2 None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.158.2-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.158.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26583 None

CVE-2024-26585 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26585
MITRE
NVD

Issuing CNA: cve@kernel.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.7
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    03/15/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26585
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.22.1-2 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.22.1-2 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.158.2-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 4.7
Temporal: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.158.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26585 None

CVE-2024-26901 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26901
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26901
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.29.1-3 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.29.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26901 None

CVE-2024-26903 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26903
MITRE
NVD

Issuing CNA: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26903
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.29.1-3 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.29.1-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26903 None

CVE-2024-26902 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26902
MITRE
NVD

Issuing CNA: cve@kernel.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:5.5
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/30/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26902
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.29.1-3 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6.29.1-3 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.158.2-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: 5.5
Temporal: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.15.158.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26902 None

CVE-2024-26904 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-26904
MITRE
NVD

Issuing CNA: cve@kernel.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    04/30/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-26904
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-3 Unknown None
Azure Linux 3.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
6.6.29.1-3 Unknown None
CBL Mariner 2.0 ARM kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
5.15.158.2-1 Unknown None
CBL Mariner 2.0 x64 kernel (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
5.15.158.2-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-26904 None

CVE-2024-29165 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-29165
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-29165
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-29165 None

CVE-2024-29166 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-29166
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-29166
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-29166 None

CVE-2024-29195 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-29195
MITRE
NVD

Issuing CNA: security-advisories@github.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6/TemporalScore:6
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-29195
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM azure-iot-sdk-c (CBL-Mariner) Unknown Unknown None Base: 6
Temporal: 6
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
2024.03.04-1 Unknown None
Azure Linux 3.0 x64 azure-iot-sdk-c (CBL-Mariner) Unknown Unknown None Base: 6
Temporal: 6
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
2024.03.04-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-29195 None

CVE-2024-31852 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-31852
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-31852
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM llvm (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
18.1.2-3 Unknown None
Azure Linux 3.0 x64 llvm (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
18.1.2-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-31852 None

CVE-2024-3177 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-3177
MITRE
NVD

Issuing CNA: jordan@liggitt.net

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:2.7/TemporalScore:2.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-3177
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM kubernetes (CBL-Mariner) Unknown Unknown None Base: 2.7
Temporal: 2.7
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1.30.1-1 Unknown None
Azure Linux 3.0 x64 kubernetes (CBL-Mariner) Unknown Unknown None Base: 2.7
Temporal: 2.7
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1.30.1-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-3177 None

CVE-2024-30205 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30205
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30205
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM emacs (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
29.3-1 Unknown None
Azure Linux 3.0 x64 emacs (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
29.3-1 Unknown None
CBL Mariner 2.0 ARM emacs (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
29.3-1 Unknown None
CBL Mariner 2.0 x64 emacs (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
29.3-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30205 None

CVE-2024-31744 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-31744
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-31744
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM jasper (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
4.2.1-2 Unknown None
Azure Linux 3.0 x64 jasper (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
4.2.1-2 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-31744 None

CVE-2024-32610 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32610
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32610
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32610 None

CVE-2024-32609 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32609
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32609
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32609 None

CVE-2024-32612 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32612
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32612
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32612 None

CVE-2024-32614 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32614
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32614
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32614 None

CVE-2024-32611 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32611
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32611
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32611 None

CVE-2024-32613 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-32613
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:
None
Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    05/14/2024    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-32613
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
Azure Linux 3.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4.3-1 Unknown None
CBL Mariner 2.0 ARM hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None
CBL Mariner 2.0 x64 hdf5 (CBL-Mariner) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
1.14.4-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-32613 None

CVE-2017-16844 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2017-16844
MITRE
NVD

Issuing CNA: cve@mitre.org

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    12/16/2021    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2017-16844
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM procmail (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.22-53 Unknown None
Azure Linux 3.0 x64 procmail (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.22-53 Unknown None
CBL Mariner 2.0 ARM procmail (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.22-53 Unknown None
CBL Mariner 2.0 x64 procmail (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.22-53 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2017-16844 None

CVE-2022-0699 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-0699
MITRE
NVD

Issuing CNA: security@elastic.co

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    09/05/2023    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-0699
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM shapelib (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.5.0-3 Unknown None
Azure Linux 3.0 x64 shapelib (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.5.0-3 Unknown None
CBL Mariner 2.0 ARM shapelib (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.5.0-3 Unknown None
CBL Mariner 2.0 x64 shapelib (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.5.0-3 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2022-0699 None

CVE-2019-5544 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2019-5544
MITRE
NVD

Issuing CNA: security@vmware.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:9.8/TemporalScore:9.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    01/19/2022    

Information published.


1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-5544
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM openslp (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.0.0-26 Unknown None
Azure Linux 3.0 x64 openslp (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.0.0-26 Unknown None
CBL Mariner 2.0 ARM openslp (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.0.0-26 Unknown None
CBL Mariner 2.0 x64 openslp (CBL-Mariner) Unknown Unknown None Base: 9.8
Temporal: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.0.0-26 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2019-5544 None

CVE-2023-6780 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-6780
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:5.3/TemporalScore:5.3
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-6780
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM glibc (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2.38-6 Unknown None
Azure Linux 3.0 x64 glibc (CBL-Mariner) Unknown Unknown None Base: 5.3
Temporal: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2.38-6 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-6780 None

CVE-2023-4001 - Unknown

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-4001
MITRE
NVD

Issuing CNA: secalert@redhat.com

CVE Title: Unknown
CVSS:

CVSS:3.1 Highest BaseScore:6.8/TemporalScore:6.8
Base score metrics
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/30/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-4001
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Linux 3.0 ARM grub2 (CBL-Mariner) Unknown Unknown None Base: 6.8
Temporal: 6.8
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.12-1 Unknown None
Azure Linux 3.0 x64 grub2 (CBL-Mariner) Unknown Unknown None Base: 6.8
Temporal: 6.8
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.12-1 Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-4001 None

CVE-2024-5841 - Chromium: CVE-2024-5841 Use after free in V8

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5841
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5841 Use after free in V8
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5841
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
126.0.2592.56 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5841 None

CVE-2024-5835 - Chromium: CVE-2024-5835 Heap buffer overflow in Tab Groups

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5835
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5835 Heap buffer overflow in Tab Groups
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5835
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
126.0.2592.56 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5835 None

CVE-2024-5837 - Chromium: CVE-2024-5837 Type Confusion in V8

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5837
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5837 Type Confusion in V8
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5837
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
126.0.2592.56 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5837 None

CVE-2024-5844 - Chromium: CVE-2024-5844 Heap buffer overflow in Tab Strip

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5844
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5844 Heap buffer overflow in Tab Strip
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5844
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
126.0.2592.56 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5844 None

CVE-2024-5833 - Chromium: CVE-2024-5833 Type Confusion in V8

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5833
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5833 Type Confusion in V8
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5833
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
126.0.2592.56 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5833 None

CVE-2024-5839 - Chromium: CVE-2024-5839 Inappropriate Implementation in Memory Allocator

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5839
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5839 Inappropriate Implementation in Memory Allocator
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5839
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
126.0.2592.56 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5839 None

CVE-2024-5836 - Chromium: CVE-2024-5836 Inappropriate Implementation in DevTools

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5836
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5836 Inappropriate Implementation in DevTools
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5836
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
126.0.2592.56 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5836 None

CVE-2024-5834 - Chromium: CVE-2024-5834 Inappropriate implementation in Dawn

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5834
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5834 Inappropriate implementation in Dawn
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5834
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
126.0.2592.56 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5834 None

CVE-2024-5843 - Chromium: CVE-2024-5843 Inappropriate implementation in Downloads

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5843
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5843 Inappropriate implementation in Downloads
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5843
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
126.0.2592.56 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5843 None

CVE-2024-5831 - Chromium: CVE-2024-5831 Use after free in Dawn

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5831
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5831 Use after free in Dawn
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5831
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
126.0.2592.56 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5831 None

CVE-2024-5840 - Chromium: CVE-2024-5840 Policy Bypass in CORS

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5840
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5840 Policy Bypass in CORS
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5840
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
126.0.2592.56 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5840 None

CVE-2024-5842 - Chromium: CVE-2024-5842 Use after free in Browser UI

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5842
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5842 Use after free in Browser UI
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5842
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
126.0.2592.56 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5842 None

CVE-2024-5838 - Chromium: CVE-2024-5838 Type Confusion in V8

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5838
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5838 Type Confusion in V8
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5838
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
126.0.2592.56 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5838 None

CVE-2024-5832 - Chromium: CVE-2024-5832 Use after free in Dawn

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5832
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5832 Use after free in Dawn
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5832
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
126.0.2592.56 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5832 None

CVE-2024-5830 - Chromium: CVE-2024-5830 Type Confusion in V8

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5830
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5830 Type Confusion in V8
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5830
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
126.0.2592.56 No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5830 None

CVE-2024-30069 - Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30069
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 4.7 / Temporal Score: 4.1
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30069
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Information Disclosure 5037788 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Information Disclosure 5037788 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Information Disclosure 5037763 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Information Disclosure 5037763 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Information Disclosure 5037765 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Information Disclosure 5037765 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Information Disclosure 5037765 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Information Disclosure 5037768
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Information Disclosure 5037768
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Information Disclosure 5037768
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Information Disclosure
5037768
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Information Disclosure
5037768
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Information Disclosure
5037768
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Information Disclosure 5037770
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Information Disclosure 5037770
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Information Disclosure 5037771 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Information Disclosure 5037771 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Information Disclosure 5037771 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Information Disclosure 5037771 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2016 5039214 (Security Update) Important Information Disclosure 5037763 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Information Disclosure 5037763 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Information Disclosure 5037765 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Information Disclosure 5037765 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Information Disclosure 5037782

5037848
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Information Disclosure 5037782

5037848
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Information Disclosure 5037781 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30069 George Hughey with MSRC Vulnerabilities & Mitigations


CVE-2024-30070 - DHCP Server Service Denial of Service Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30070
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: DHCP Server Service Denial of Service Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 6.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics
Exploit Code Maturity: Proof-of-Concept
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:
None
Mitigations:

The following mitigating factors might be helpful in your situation:

Customers who have not configured their DHCP server as a failover are not affected by this vulnerability.


Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30070
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows Server 2012 5039260 (Monthly Rollup) Important Denial of Service 5037778 Base: 7.5
Temporal: 6.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Denial of Service 5037778 Base: 7.5
Temporal: 6.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Denial of Service 5037823 Base: 7.5
Temporal: 6.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Denial of Service 5037823 Base: 7.5
Temporal: 6.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Denial of Service 5037763 Base: 7.5
Temporal: 6.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Denial of Service 5037763 Base: 7.5
Temporal: 6.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Denial of Service 5037765 Base: 7.5
Temporal: 6.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Denial of Service 5037765 Base: 7.5
Temporal: 6.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30070 YanZiShuang@BigCJTeam of cyberkl


CVE-2024-30072 - Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30072
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must send the user a malicious file and convince them to open it.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30072
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Remote Code Execution 5037781 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30072 Laith AL-Satari


CVE-2024-30074 - Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30074
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 8 / Temporal Score: 7.2
Base score metrics
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Proof-of-Concept
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?

Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.


How could an attacker exploit the vulnerability?

An unauthenticated attacker could send a malicious networking packet to an adjacent system where a user is running the Network Map functionality over a WiFi networking adapter, which could enable remote code execution.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30074
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows Server 2008 for 32-bit Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8
Temporal: 7.2
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8
Temporal: 7.2
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8
Temporal: 7.2
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8
Temporal: 7.2
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Remote Code Execution 5037780
Base: 8
Temporal: 7.2
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Remote Code Execution 5037780
Base: 8
Temporal: 7.2
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.1.7601.27170 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30074 Wei in Kunlun Lab with Cyber KunLun


CVE-2024-30075 - Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30075
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 8 / Temporal Score: 7
Base score metrics
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?

Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.


How could an attacker exploit the vulnerability?

An unauthenticated attacker could send a malicious networking packet to an adjacent system where a user is running the Network Map functionality over a WiFi networking adapter, which could enable remote code execution.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30075
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows Server 2008 for 32-bit Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Remote Code Execution 5037780
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Remote Code Execution 5037780
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30075 Wei in Kunlun Lab with Cyber KunLun


CVE-2024-30076 - Windows Container Manager Service Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30076
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Container Manager Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 6.8 / Temporal Score: 5.9
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?

This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.


Mitigations:
None
Workarounds:
None
Revision:
1.0 (06/11/2024): Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30076
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2016 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30076 Jakub Štrom


CVE-2024-30077 - Windows OLE Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30077
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows OLE Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 8 / Temporal Score: 7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

How could an attacker exploit this vulnerability?

An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.


Mitigations:
None
Workarounds:
None
Revision:
1.0 (06/11/2024): Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30077
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Remote Code Execution 5037788 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Remote Code Execution 5037788 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Remote Code Execution 5037770
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Remote Code Execution 5037770
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Remote Code Execution 5037780
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Remote Code Execution 5037780
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Remote Code Execution 5037778 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Remote Code Execution 5037778 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Remote Code Execution 5037823 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Remote Code Execution 5037823 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Remote Code Execution 5037782

5037848
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Remote Code Execution 5037782

5037848
Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Remote Code Execution 5037781 Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30077 bee13oy with Cyber Kunlun Lab


Anonymous


CVE-2024-30078 - Windows Wi-Fi Driver Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30078
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Wi-Fi Driver Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 8.8 / Temporal Score: 7.7
Base score metrics
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?

Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.


How could an attacker exploit the vulnerability?

An unauthenticated attacker could send a malicious networking packet to an adjacent system that is employing a Wi-Fi networking adapter, which could enable remote code execution.


Mitigations:
None
Workarounds:
None
Revision:
1.0 (06/11/2024): Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30078
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Remote Code Execution 5037788 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Remote Code Execution 5037788 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Remote Code Execution 5037770
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Remote Code Execution 5037770
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Remote Code Execution 5037780
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Remote Code Execution 5037780
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Remote Code Execution 5037778 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Remote Code Execution 5037778 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Remote Code Execution 5037823 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Remote Code Execution 5037823 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Remote Code Execution 5037782

5037848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Remote Code Execution 5037782

5037848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Remote Code Execution 5037781 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30078 Wei in Kunlun Lab with Cyber KunLun


CVE-2024-30080 - Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30080
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 9.8 / Temporal Score: 8.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

How could an attacker exploit the vulnerability?

To exploit this vulnerability, an attacker would need to send a series of specially crafted MSMQ packets in rapid sequence over HTTP to an MSMQ server.

This could result in remote code execution on the server side.


Mitigations:

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:

The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. To determine if your system is susceptible, check to see if the MSMQ HTTP-Support feature is enabled and if there is a service running named Message Queuing on the machine.


Workarounds:
None
Revision:
1.0 (06/11/2024): Information published.

1.1 (06/13/2024): Corrected information in the FAQ and Mitigation sections as follows: To exploit the vulnerability, an attacker must send a series of specially crafted MSMQ packets in rapid sequence over HTTP to an MSMQ server. To determine if your system is susceptible, check to see if the MSMQ HTTP-Support feature is enabled and if there is a service running named Message Queuing on the machine. These are informational changes only.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation More Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30080
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Critical Remote Code Execution 5037788 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Critical Remote Code Execution 5037788 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Critical Remote Code Execution 5037763 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Critical Remote Code Execution 5037763 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Critical Remote Code Execution 5037765 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Critical Remote Code Execution 5037765 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Critical Remote Code Execution 5037765 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Critical Remote Code Execution 5037768
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Critical Remote Code Execution 5037768
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Critical Remote Code Execution 5037768
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Critical Remote Code Execution
5037768
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Critical Remote Code Execution
5037768
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Critical Remote Code Execution
5037768
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Critical Remote Code Execution 5037770
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Critical Remote Code Execution 5037770
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Critical Remote Code Execution 5037771 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Critical Remote Code Execution 5037771 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Critical Remote Code Execution 5037771 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Critical Remote Code Execution 5037771 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Critical Remote Code Execution 5037800
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Critical Remote Code Execution 5037800
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Critical Remote Code Execution 5037800
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Critical Remote Code Execution 5037800
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5039289 (Monthly Rollup)
5039274 (Security Only)
Critical Remote Code Execution 5037780
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5039289 (Monthly Rollup)
5039274 (Security Only)
Critical Remote Code Execution 5037780
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Critical Remote Code Execution 5037778 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Critical Remote Code Execution 5037778 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Critical Remote Code Execution 5037823 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Critical Remote Code Execution 5037823 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Critical Remote Code Execution 5037763 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Critical Remote Code Execution 5037763 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Critical Remote Code Execution 5037765 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Critical Remote Code Execution 5037765 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Critical Remote Code Execution 5037782

5037848
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Critical Remote Code Execution 5037782

5037848
Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Critical Remote Code Execution 5037781 Base: 9.8
Temporal: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30080 k0shl with Kunlun Lab


CVE-2024-30082 - Win32k Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30082
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation More Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30082
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Elevation of Privilege 5037780
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Elevation of Privilege 5037780
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30082 Marcin Wiazowski with Trend Micro Zero Day Initiative


CVE-2024-35250 - Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-35250
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


1.1    06/11/2024    

Updated acknowledgment. This is an informational change only.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation More Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-35250
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Elevation of Privilege 5037780
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Elevation of Privilege 5037780
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-35250 Angelboy (@scwuaptx) from DEVCORE Research Team working with Trend Micro Zero Day Initiative


Angelboy (@scwuaptx) with DEVCORE


CVE-2024-35255 - Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-35255
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 5.5 / Temporal Score: 4.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions.


According to the CVSS metric, Integrity and Availability impact is None (I:N/A:N). What does that mean for this vulnerability?

An attacker who successfully exploits this vulnerability can obtain only read access to the system files. The attacker cannot perform write or delete operations on the files.


Which credential types provided by the Azure Identity client library are affected?

The vulnerability exists in the following credential types:

  • DefaultAzureCredential
  • ManagedIdentityCredential

Which credential types provided by the Microsoft Authentication Libraries are affected?

The vulnerability exists in the following credential types:


What versions of Microsoft Authentication Libraries (MSAL) are affected by this vulnerability?

Microsoft Authentication Library | Minimum Version Number Affected | Fixed Version Number
MSAL for .NET | 4.49.1 | 4.61.3
MSAL for Java | 1.14.4-beta | 1.15.1
MSAL for Node | 2.7.0 | 2.9.2

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


2.0    06/11/2024    

In the Security Updates table, removed Microsoft Authentication Library (MSAL) for Python as it is not affected by CVE-2024-35255.


2.1    06/12/2024    

Added an FAQ. This is an informational change only.


2.2    06/13/2024    

Corrected Fixed Build Number and Download links in the Security Updates table. This is an informational change only.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | No | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-35255
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Identity Library for .NET Release Notes (Security Update) Important Elevation of Privilege None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
1.11.4 Maybe None
Azure Identity Library for C++ Release Notes (Security Update) Important Elevation of Privilege None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
1.8.0 Maybe None
Azure Identity Library for Go Release Notes (Security Update) Important Elevation of Privilege None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
1.6.0 Maybe None
Azure Identity Library for Java Release Notes (Security Update) Important Elevation of Privilege None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
1.12.2 Maybe None
Azure Identity Library for JavaScript Release Notes (Security Update) Important Elevation of Privilege None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
4.2.1 Maybe None
Azure Identity Library for Python Release Notes (Security Update) Important Elevation of Privilege None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
1.16.1 Maybe None
Microsoft Authentication Library (MSAL) for .NET Release Notes (Security Update) Important Elevation of Privilege None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
4.61.3 Maybe None
Microsoft Authentication Library (MSAL) for Java Release Notes (Security Update) Important Elevation of Privilege None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
1.15.1 Maybe None
Microsoft Authentication Library (MSAL) for Node.js Release Notes (Security Update) Important Elevation of Privilege None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
2.9.2 Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-35255 Vladimir Abramzon with Microsoft


Eli Arbel with Microsoft


CVE-2023-50868 - MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2023-50868
MITRE
NVD

Issuing CNA: MITRE Corporation

CVE Title: MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU
CVSS:

CVSS:3.1 Highest Base Score: 7.5 / Temporal Score: 6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

Why is the MITRE Corporation the assigning CNA (CVE Numbering Authority)?

CVE-2023-50868 concerns a vulnerability in DNSSEC validation in which an attacker could exploit standard DNSSEC protocols intended for DNS integrity by using excessive resources on a resolver, causing a denial of service for legitimate users. MITRE created this CVE on their behalf.

Please see CVE-2023-50868 for more information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment | Publicly Disclosed | Exploited
Exploitation Less Likely | Yes | No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2023-50868
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows Server 2012 5039260 (Monthly Rollup) Important Denial of Service 5037778 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Denial of Service 5037778 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Denial of Service 5037823 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Denial of Service 5037823 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Denial of Service 5037763 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Denial of Service 5037763 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Denial of Service 5037765 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Denial of Service 5037765 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Denial of Service 5037782

5037848
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Denial of Service 5037782

5037848
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Denial of Service 5037781 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2023-50868 Petr Špaček from Internet Systems Consortium (ISC)


CVE-2024-29187 - GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-29187
MITRE
NVD

Issuing CNA: GitHub

CVE Title: GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
CVSS:

CVSS:3.1 Highest Base Score: 7.3 / Temporal Score: 6.4
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

An authorized attacker must send the user a malicious file and convince the user to open it.


Why is this GitHub CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in WiX Toolset software, which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.


What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-29187
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 15.9.63 | Maybe | None
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.11.37 | Maybe | None
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 17.10.2 | Maybe | None
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 17.4.20 | Maybe | None
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 17.6.16 | Maybe | None
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.3; Temporal: 6.4; Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 17.8.11 | Maybe | None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-29187 Naceri with MSRC Vulnerabilities & Mitigations


CVE-2024-5493 - Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5493
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 125.0.2535.85 6/3/2024 125.0.6422.141/.142

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/03/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5493
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 125.0.2535.85 | No | None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5493 None

CVE-2024-5498 - Chromium: CVE-2024-5498 Use after free in Presentation API

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5498
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5498 Use after free in Presentation API
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 125.0.2535.85 6/3/2024 125.0.6422.141/.142

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/03/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5498
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 125.0.2535.85 | No | None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5498 None

CVE-2024-5496 - Chromium: CVE-2024-5496 Use after free in Media Session

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5496
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5496 Use after free in Media Session
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 125.0.2535.85 6/3/2024 125.0.6422.141/.142

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/03/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5496
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 125.0.2535.85 | No | None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5496 None

CVE-2024-5499 - Chromium: CVE-2024-5499 Out of bounds write in Streams API

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5499
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5499 Out of bounds write in Streams API
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 125.0.2535.85 6/3/2024 125.0.6422.141/.142

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/03/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5499
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 125.0.2535.85 | No | None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5499 None

CVE-2024-5494 - Chromium: CVE-2024-5494 Use after free in Dawn

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5494
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5494 Use after free in Dawn
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 125.0.2535.85 6/3/2024 125.0.6422.141/.142

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/03/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5494
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 125.0.2535.85 | No | None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5494 None

CVE-2024-5497 - Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5497
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 125.0.2535.85 6/3/2024 125.0.6422.141/.142

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/03/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5497
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 125.0.2535.85 | No | None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5497 None

CVE-2024-5495 - Chromium: CVE-2024-5495 Use after free in Dawn

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5495
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5495 Use after free in Dawn
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 125.0.2535.85 6/3/2024 125.0.6422.141/.142

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/03/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5495
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 125.0.2535.85 | No | None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5495 None

CVE-2024-6103 - Chromium: CVE-2024-6103: Use after free in Dawn

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-6103
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-6103: Use after free in Dawn
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:
Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/20/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-6103
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 126.0.2592.68 | No | None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-6103 None

CVE-2024-6102 - Chromium: CVE-2024-6102: Out of bounds memory access in Dawn

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-6102
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-6102: Out of bounds memory access in Dawn
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:
Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/20/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-6102
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 126.0.2592.68 | No | None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-6102 None

CVE-2024-6101 - Chromium: CVE-2024-6101: Inappropriate implementation in WebAssembly

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-6101
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-6101: Inappropriate implementation in WebAssembly
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:
Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/20/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-6101
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 126.0.2592.68 | No | None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-6101 None

CVE-2024-6100 - Chromium: CVE-2024-6100 Type Confusion in V8

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-6100
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-6100 Type Confusion in V8
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:
Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/20/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-6100
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 126.0.2592.68 | No | None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-6100 None

CVE-2024-38093 - Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38093
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 4.3 / Temporal Score: 3.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.


Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?

An attacker who successfully exploited this vulnerability could cover and spoof elements of the UI. The modified information is only visual.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/20/2024    

Information published.


Moderate Spoofing

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38093
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Moderate | Spoofing | None | Base: 4.3; Temporal: 3.8; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C | 126.0.2592.68 | No | None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38093 Renwa


CVE-2024-38082 - Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38082
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 4.7 / Temporal Score: 4.1
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?

The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.


Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/20/2024    

Information published.


1.1    06/25/2024    

Updated the severity of the products in the Security Updates table. This is an informational change only.


1.2    06/26/2024    

Updated CWE value. This is an informational change only.


Low Spoofing

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38082
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Low | Spoofing | None | Base: 4.7; Temporal: 4.1; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C | 126.0.2592.68 | No | None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38082

CVE-2024-35260 - Microsoft Dataverse Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-35260
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Dataverse Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 8 / Temporal Score: 7
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:

An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network.


FAQ:

Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/27/2024    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-35260
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Power Platform Critical Remote Code Execution None Base: 8
Temporal: 7
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown Unknown None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-35260 Erik Donker


CVE-2024-29060 - Visual Studio Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-29060
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Visual Studio Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 6.7 / Temporal Score: 5.8
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: Low
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?

An authorized attacker could create a malicious extension and then wait for an authenticated user to create a new Visual Studio project that uses that extension. The result is that the attacker could gain the privileges of the user.


What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain administrator privileges.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L). What does that mean for this vulnerability?

The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-29060
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Release Notes (Security Update) Important Elevation of Privilege None Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
15.9.63 Maybe None
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Release Notes (Security Update) Important Elevation of Privilege None Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
16.11.37 Maybe None
Microsoft Visual Studio 2022 version 17.10 Release Notes (Security Update) Important Elevation of Privilege None Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
17.10.2 Maybe None
Microsoft Visual Studio 2022 version 17.4 Release Notes (Security Update) Important Elevation of Privilege None Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
17.4.20 Maybe None
Microsoft Visual Studio 2022 version 17.6 Release Notes (Security Update) Important Elevation of Privilege None Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
17.6.16 Maybe None
Microsoft Visual Studio 2022 version 17.8 Release Notes (Security Update) Important Elevation of Privilege None Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
17.8.11 Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-29060 Filip Dragović


CVE-2024-30062 - Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30062
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 7
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Proof-of-Concept
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

A user would have to restart the compromised service on the server to trigger the vulnerability.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30062
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Remote Code Execution 5037823 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Remote Code Execution 5037823 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Remote Code Execution 5037782

5037848
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Remote Code Execution 5037782

5037848
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30062 k0shl with Kunlun Lab


CVE-2024-30063 - Windows Distributed File System (DFS) Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30063
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Distributed File System (DFS) Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 6.7 / Temporal Score: 5.8
Base score metrics
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

This vulnerability could be triggered when a user connects a Windows client to a malicious server.


According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to have first obtained low-privileged code execution on the target host.


According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?

Exploiting this vulnerability requires an attacker to be on the same network segment as the target system. Traffic associated with exploitation of this vulnerability is not routable and is bound to the data link layer of the OSI model.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30063
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Remote Code Execution 5037788 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Remote Code Execution 5037788 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Remote Code Execution 5037770
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Remote Code Execution 5037770
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Remote Code Execution 5037780
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Remote Code Execution 5037780
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Remote Code Execution 5037778 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Remote Code Execution 5037778 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Remote Code Execution 5037823 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Remote Code Execution 5037823 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Remote Code Execution 5037782

5037848
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Remote Code Execution 5037782

5037848
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Remote Code Execution 5037781 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30063 Anonymous


CVE-2024-30064 - Windows Kernel Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30064
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 8.8 / Temporal Score: 7.7
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

This vulnerability could lead to a contained execution environment escape. Please refer to AppContainer Isolation for more information.


How could an attacker exploit this vulnerability?

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.


What privileges could an attacker gain with a successful exploitation?

An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process.

This could lead to further system compromise and unauthorized actions within the network.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30064
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30064 k0shl with Kunlun Lab


CVE-2024-30065 - Windows Themes Denial of Service Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30065
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Themes Denial of Service Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 5.5 / Temporal Score: 4.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30065
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Denial of Service 5037788 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Denial of Service 5037788 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Denial of Service 5037763 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Denial of Service 5037763 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Denial of Service 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Denial of Service 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Denial of Service 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Denial of Service 5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Denial of Service 5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Denial of Service 5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Denial of Service
5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Denial of Service
5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Denial of Service
5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Denial of Service 5037770
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Denial of Service 5037770
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Denial of Service 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Denial of Service 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Denial of Service 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Denial of Service 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Denial of Service 5037778 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Denial of Service 5037778 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Denial of Service 5037823 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Denial of Service 5037823 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Denial of Service 5037763 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Denial of Service 5037763 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Denial of Service 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Denial of Service 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Denial of Service 5037782

5037848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Denial of Service 5037782

5037848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Denial of Service 5037781 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30065 goodbyeselene


CVE-2024-30066 - Winlogon Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30066
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Winlogon Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 5.5 / Temporal Score: 4.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of integrity (I:H). What does that mean for this vulnerability?

An authenticated attacker could replace valid file content with specially crafted file content.


What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30066
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30066 goodbyeselene


CVE-2024-30067 - Winlogon Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30067
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Winlogon Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore: 5.5 / TemporalScore: 4.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.


According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of integrity (I:H). What does that mean for this vulnerability?

An authenticated attacker could replace valid file content with specially crafted file content.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30067
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30067 goodbyeselene


CVE-2024-30068 - Windows Kernel Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30068
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore: 8.8 / TemporalScore: 7.7
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.


How could an attacker exploit this vulnerability?

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30068
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2016 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30068 Anonymous




CVE-2024-30083 - Windows Standards-Based Storage Management Service Denial of Service Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30083
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore: 7.5 / TemporalScore: 6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30083
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Denial of Service 5037823 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Denial of Service 5037823 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Denial of Service 5037763 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Denial of Service 5037763 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Denial of Service 5037765 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Denial of Service 5037765 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Denial of Service 5037782

5037848
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Denial of Service 5037782

5037848
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30083 Azure Yang with Kunlun Lab


CVE-2024-30084 - Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30084
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore: 7 / TemporalScore: 6.1
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.1    06/11/2024    Updated acknowledgment. This is an informational change only.
1.0    06/11/2024    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30084
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Elevation of Privilege 5037780
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Elevation of Privilege 5037780
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30084 Angelboy (@scwuaptx) from DEVCORE Research Team working with Trend Micro Zero Day Initiative


CVE-2024-30085 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30085
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 7
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Proof-of-Concept
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.1    06/11/2024    Updated acknowledgment. This is an informational change only.
1.0    06/11/2024    Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30085
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30085 Gwangun Jung (@pr0ln) and Junoh Lee (@bbbig12) at Theori (@theori_io) working with Trend Micro Zero Day Initiative


Alex Birnberg for TyphoonPWN24


Anonymous with SSD Secure Disclosure


CVE-2024-30086 - Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30086
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.1    06/11/2024    Updated acknowledgment. This is an informational change only.
1.0    06/11/2024    Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30086
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30086 Bruno Pujos from REverse Tactics working with Trend Micro Zero Day Initiative


CVE-2024-30087 - Win32k Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30087
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

The attacker would gain the rights of the user that is running the affected application.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30087
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Elevation of Privilege 5037780
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Elevation of Privilege 5037780
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30087 Marcin Wiazowski with Trend Micro Zero Day Initiative


CVE-2024-30088 - Windows Kernel Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30088
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7 / Temporal Score: 6.3
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Proof-of-Concept
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30088
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2016 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30088 Emma Kirkpatrick (@carrot_c4k3) working with Trend Micro Zero Day Initiative


CVE-2024-30089 - Microsoft Streaming Service Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30089

Issuing CNA: Microsoft

CVE Title: Microsoft Streaming Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30089
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30089 Valentina Palmiotti (@chompie1337) of IBM X-Force working with Trend Micro Zero Day Initiative


CVE-2024-30090 - Microsoft Streaming Service Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30090

Issuing CNA: Microsoft

CVE Title: Microsoft Streaming Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7 / Temporal Score: 6.1
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    Information published.

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30090
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Elevation of Privilege 5037780
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Elevation of Privilege 5037780
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30090 Angelboy (@scwuaptx) with DEVCORE


CVE-2024-30091 - Win32k Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30091

Issuing CNA: Microsoft

CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest Base Score: 7.8 / Temporal Score: 7
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Proof-of-Concept
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    Information published.
1.1    06/19/2024    Updated FAQ information. This is an informational change only.

Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30091
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Elevation of Privilege 5037780
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Elevation of Privilege 5037780
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 7.8
Temporal: 7
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30091 Tobias Klein


CVE-2024-30093 - Windows Storage Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30093

Issuing CNA: Microsoft

CVE Title: Windows Storage Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metrics, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?

An authenticated attacker would need to perform specific actions on a vulnerable system, then convince another user on that system to interact with the Volume Shadow Copy functionality.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30093
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Elevation of Privilege 5037800
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Elevation of Privilege 5037780
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Elevation of Privilege 5037780
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Elevation of Privilege 5037778 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Elevation of Privilege 5037823 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30093 Or Yair with SafeBreach


CVE-2024-30094 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30094

Issuing CNA: Microsoft

CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30094
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Remote Code Execution 5037788 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Remote Code Execution 5037788 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Remote Code Execution 5037770
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Remote Code Execution 5037770
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Remote Code Execution 5037780
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Remote Code Execution 5037780
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Remote Code Execution 5037778 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Remote Code Execution 5037778 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Remote Code Execution 5037823 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Remote Code Execution 5037823 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Remote Code Execution 5037782

5037848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Remote Code Execution 5037782

5037848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Remote Code Execution 5037781 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30094 Anonymous


CVE-2024-30095 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30095

Issuing CNA: Microsoft

CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    Information published.


Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30095
Product KB Article Severity Impact Supersedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Remote Code Execution 5037788 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Remote Code Execution 5037788 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Remote Code Execution 5037770
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Remote Code Execution 5037770
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2008 for 32-bit Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5039245 (Monthly Rollup)
5039266 (Security Only)
Important Remote Code Execution 5037800
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.0.6003.22720
Yes 5039245
5039266
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Remote Code Execution 5037780
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5039289 (Monthly Rollup)
5039274 (Security Only)
Important Remote Code Execution 5037780
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.1.7601.27170 Yes None
Windows Server 2012 5039260 (Monthly Rollup) Important Remote Code Execution 5037778 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 (Server Core installation) 5039260 (Monthly Rollup) Important Remote Code Execution 5037778 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.2.9200.24919 Yes None
Windows Server 2012 R2 5039294 (Monthly Rollup) Important Remote Code Execution 5037823 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2012 R2 (Server Core installation) 5039294 (Monthly Rollup) Important Remote Code Execution 5037823 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
6.3.9600.22023 Yes None
Windows Server 2016 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Remote Code Execution 5037782

5037848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Remote Code Execution 5037782

5037848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Remote Code Execution 5037781 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30095 Anonymous


CVE-2024-30096 - Windows Cryptographic Services Information Disclosure Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30096
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Cryptographic Services Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Windows cryptographic secrets.


What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could disclose sensitive information such as KeyGuard (KG) keys, which are intended to be per-boot and used to protect sensitive data.

If an attacker can persist these keys, they could potentially decrypt any information that was encrypted with the KG key, leading to the exposure of a wide range of sensitive and confidential information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30096
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Information Disclosure 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Information Disclosure 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Information Disclosure 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Information Disclosure 5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Information Disclosure 5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Information Disclosure 5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Information Disclosure
5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Information Disclosure
5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Information Disclosure
5037768
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Information Disclosure 5037770
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Information Disclosure 5037770
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Information Disclosure 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Information Disclosure 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Information Disclosure 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Information Disclosure 5037771 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2019 5039217 (Security Update) Important Information Disclosure 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Information Disclosure 5037765 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Information Disclosure 5037782

5037848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Information Disclosure 5037782

5037848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Information Disclosure 5037781 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30096 Brandon Zhang and Mohsen Mohammadi with Microsoft


CVE-2024-30097 - Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30097
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?

An unauthorized attacker must wait for a user to initiate a connection.


How could an attacker exploit this vulnerability?

An attacker could exploit a double free vulnerability within the OS SAPI component to cause a denial of service or execute arbitrary code, compromising system integrity and availability.


According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?

This attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30097
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Remote Code Execution 5037788 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Remote Code Execution 5037788 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Remote Code Execution 5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Remote Code Execution
5037768
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Remote Code Execution 5037770
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Remote Code Execution 5037770
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Remote Code Execution 5037771 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2016 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Remote Code Execution 5037763 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Remote Code Execution 5037765 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Remote Code Execution 5037782

5037848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Remote Code Execution 5037782

5037848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Remote Code Execution 5037781 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30097 None

CVE-2024-30099 - Windows Kernel Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30099
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:6.3
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Proof-of-Concept
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30099
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 for 32-bit Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 for x64-based Systems 5039225 (Security Update) Important Elevation of Privilege 5037788 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.10240.20680 Yes None
Windows 10 Version 1607 for 32-bit Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1607 for x64-based Systems 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.19044.4529
Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege
5037768
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

10.0.19045.4529
Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22000.3019
Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2016 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2016 (Server Core installation) 5039214 (Security Update) Important Elevation of Privilege 5037763 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.14393.7070 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2022 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022 (Server Core installation) 5039227 (Security Update)
5039330 (Security Hotpatch Update)
Important Elevation of Privilege 5037782

5037848
Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.20348.2527

10.0.20348.2522
Yes 5039227
Windows Server 2022, 23H2 Edition (Server Core installation) 5039236 (Security Update) Important Elevation of Privilege 5037781 Base: 7
Temporal: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10.0.25398.950 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30099 George Hughey with MSRC Vulnerabilities and Mitigations


CVE-2024-30100 - Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30100
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30100
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft SharePoint Enterprise Server 2016 5002604 (Security Update) Important Remote Code Execution 5002598 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.5452.1000 Maybe None
Microsoft SharePoint Server 2019 5002602 (Security Update) Important Remote Code Execution 5002596 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.10411.20004 Maybe None
Microsoft SharePoint Server Subscription Edition 5002603 (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.17328.20362 Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30100 cjM00n & Edwardzpeng


CVE-2024-30101 - Microsoft Office Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30101
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Successful exploitation of this vulnerability requires a user to open a malicious email with an affected version of Microsoft Outlook and then perform specific actions to trigger the vulnerability.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Is the Preview Pane an attack vector for this vulnerability?

Yes. The Preview Pane is an attack vector, but additional user interaction is required.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30101
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office 2016 (32-bit edition) 5002591 (Security Update)
5002575 (Security Update)
Important Remote Code Execution 5002537
5002467
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.5452.1000 Maybe None
Microsoft Office 2016 (64-bit edition) 5002591 (Security Update)
5002575 (Security Update)
Important Remote Code Execution 5002537
5002467
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.5452.1000 Maybe None
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office LTSC 2021 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office LTSC 2021 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30101 849db8e253fb723f1bb056416bce0922


CVE-2024-30102 - Microsoft Office Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30102
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30102
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30102 Quan Jin with DBAPPSecurity WeBin Lab


CVE-2024-30103 - Microsoft Outlook Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30103
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Outlook Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

Is the Preview Pane an attack vector for this vulnerability?

Yes, the Preview Pane is an attack vector.


According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

The attacker must be authenticated using valid Exchange user credentials.


How could an attacker exploit this vulnerability?

An attacker who successfully exploited this vulnerability could bypass Outlook registry block lists and enable the creation of malicious DLL files.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30103
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office LTSC 2021 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office LTSC 2021 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Outlook 2016 (32-bit edition) 5002600 (Security Update) Important Remote Code Execution 5002543 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.5452.1000 Maybe None
Microsoft Outlook 2016 (64-bit edition) 5002600 (Security Update) Important Remote Code Execution 5002543 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.5452.1000 Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30103 Arnold Osipov with Morphisec
Shmuel Uzan with Morphisec
Michael Gorelik with Morphisec


CVE-2024-30104 - Microsoft Office Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30104
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must send the user a malicious file and convince them to open it.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30104
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office 2016 (32-bit edition) 5002591 (Security Update), 5002575 (Security Update) Important Remote Code Execution 5002537, 5002467 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.5452.1000 Maybe None
Microsoft Office 2016 (64-bit edition) 5002591 (Security Update), 5002575 (Security Update) Important Remote Code Execution 5002537, 5002467 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
16.0.5452.1000 Maybe None
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office LTSC 2021 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None
Microsoft Office LTSC 2021 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
https://aka.ms/OfficeSecurityReleases No None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30104 Luke Papandrea, Microsoft Corporation


CVE-2024-35248 - Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-35248
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?

While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.


What privileges could be gained by an attacker who successfully exploited the vulnerability?

The attacker would gain the rights of the user that is running the affected application.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-35248
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Dynamics 365 Business Central 2023 Release Wave 1 5038529 (Security Update) Important Elevation of Privilege None Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
Application Build 22.13.64344, Platform Build 22.0 Maybe None
Microsoft Dynamics 365 Business Central 2023 Release Wave 2 5038530 (Security Update) Important Elevation of Privilege None Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
Application Build 23.7.18957, Platform Build 23.0. Maybe None
Microsoft Dynamics 365 Business Central 2024 Release Wave 1 5038531 (Security Update) Important Elevation of Privilege None Base: 7.3
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
Application Build 24.1.19498, Platform Build 24.0. Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-35248 Dr. Florian Hauser @frycos with CODE WHITE GmbH


CVE-2024-35249 - Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-35249
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-35249
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Dynamics 365 Business Central 2023 Release Wave 1 5038529 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Application Build 22.13.64344, Platform Build 22.0 Maybe None
Microsoft Dynamics 365 Business Central 2023 Release Wave 2 5038530 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Application Build 23.7.18957, Platform Build 23.0. Maybe None
Microsoft Dynamics 365 Business Central 2024 Release Wave 1 5038531 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Application Build 24.1.19498, Platform Build 24.0. Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-35249 Dr. Florian Hauser @frycos with CODE WHITE GmbH


CVE-2024-35252 - Azure Storage Movement Client Library Denial of Service Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-35252
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Azure Storage Movement Client Library Denial of Service Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-35252
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Storage Movement Client Library for .NET Release Notes (Security Update) Important Denial of Service None Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
2.0.5 Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-35252 Anonymous


CVE-2024-35253 - Microsoft Azure File Sync Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-35253
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Azure File Sync Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:4.4/TemporalScore:4.2
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Temporal score metrics
Exploit Code Maturity: High
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


What privileges could be gained by an attacker who successfully exploited the vulnerability?

Exploiting this vulnerability would allow the attacker to perform arbitrary deletion of files that are not accessible to unprivileged users on the victim machine.


According to the CVSS metric, user interaction is Required (UI:R). What does that mean for this vulnerability?

The successful exploitation of this vulnerability requires a user with administrator privileges to perform specific operations on the endpoint targeted by the attacker.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-35253
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure File Sync v16.0 5039814 (Security Update) Important Elevation of Privilege None Base: 4.4
Temporal: 4.2
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:H/RL:O/RC:C
17.3 Maybe None
Azure File Sync v17.0 5039814 (Security Update) Important Elevation of Privilege None Base: 4.4
Temporal: 4.2
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:H/RL:O/RC:C
17.3 Maybe None
Azure File Sync v18.0 5023058 (Security Update) Important Elevation of Privilege None Base: 4.4
Temporal: 4.2
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:H/RL:O/RC:C
18.1 Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-35253 3wyeye5 with OSR
Fangming Gu with OSR
chino71 with OSR


CVE-2024-35254 - Azure Monitor Agent Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-35254
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Azure Monitor Agent Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7.1/TemporalScore:6.2
Base score metrics
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What actions do customers need to take to protect themselves from this vulnerability?

Customers who have disabled Automatic Extension Upgrades or would like to upgrade an extension immediately must manually update their Azure Monitor Agent to the latest version. For more information on how to perform a manual update, see Manage Azure Monitor Agent.


How could an attacker exploit this vulnerability and what privileges could an attacker gain?

An authenticated attacker with read access permissions can exploit this vulnerability to perform arbitrary file and folder deletion on the host where the Azure Monitor Agent is installed.


According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?

This vulnerability does not allow disclosure of any confidential information, but it could allow an attacker to delete data, which could include data whose loss makes the service unavailable.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-35254
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Monitor Agent Release Notes (Security Update) Important Elevation of Privilege None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
1.26.0 Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-35254 R4nger & Zhiniang Peng


CVE-2024-35263 - Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-35263
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:5.7/TemporalScore:5
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.


What type of information could be disclosed by this vulnerability?

This vulnerability allows exfiltration of all the data that the logged-in user can access.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-35263
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Microsoft Dynamics 365 (on-premises) version 9.1 5039459 (Security Update) Important Information Disclosure None Base: 5.7
Temporal: 5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
1.29 Maybe None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-35263 Erik Donker


CVE-2024-35265 - Windows Perception Service Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-35265
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Windows Perception Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:7/TemporalScore:6.1
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could create or delete files in the security context of the “NT AUTHORITY\LOCAL SERVICE” account.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


According to the CVSS metric, privileges required is Low (PR:L). What does that mean for this vulnerability?

To exploit this vulnerability an attacker must have an account with the User role assigned.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-35265
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Windows 10 Version 1809 for 32-bit Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for ARM64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 1809 for x64-based Systems 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows 10 Version 21H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529 Yes 5039211
Windows 10 Version 21H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529 Yes 5039211
Windows 10 Version 21H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19044.4529 Yes 5039211
Windows 10 Version 22H2 for 32-bit Systems 5039211 (Security Update) Important Elevation of Privilege 5037768 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.4529 Yes 5039211
Windows 10 Version 22H2 for ARM64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.4529 Yes 5039211
Windows 10 Version 22H2 for x64-based Systems 5039211 (Security Update) Important Elevation of Privilege 5037768 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.19045.4529 Yes 5039211
Windows 11 version 21H2 for ARM64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019 Yes 5039213
Windows 11 version 21H2 for x64-based Systems 5039213 (Security Update) Important Elevation of Privilege 5037770 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22000.3019 Yes 5039213
Windows 11 Version 22H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 22H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22621.3737 Yes None
Windows 11 Version 23H2 for ARM64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows 11 Version 23H2 for x64-based Systems 5039212 (Security Update) Important Elevation of Privilege 5037771 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.22631.3737 Yes None
Windows Server 2019 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None
Windows Server 2019 (Server Core installation) 5039217 (Security Update) Important Elevation of Privilege 5037765 Base: 7
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10.0.17763.5936 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-35265 goodbyeselene


CVE-2024-37325 - Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-37325
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:8.1/TemporalScore:7.3
Base score metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal score metrics
Exploit Code Maturity: Proof-of-Concept
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

What actions do customers need to take to protect themselves from this vulnerability?

Only customers using Linux/Ubuntu Data Science Virtual Machines (DSVM) with versions prior to 24.05.24 may be affected. For guidance on how to update your resources, reference the following: Upgrade your Data Science Virtual Machine to Ubuntu 20.04. Customers who deploy DSVMs using CLI or scripts may also need to update the DSVM version specified in their deployment parameters.


How could an attacker exploit this vulnerability?

An unauthenticated attacker could send a specially crafted request to the target machine to gain access to credentials of authorized users. This could enable an attacker to impersonate the user and perform any operations the compromised user is permitted to perform.


What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain the privileges of the compromised user.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-37325
Product KB Article Severity Impact Supercedence CVSS Score Set Fixed Build Restart Required Known Issue
Azure Data Science Virtual Machines for Linux Release Notes (Security Update) Important Elevation of Privilege None Base: 8.1
Temporal: 7.3
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
24.05.24 Yes None

Acknowledgements

CVE ID Acknowledgements
CVE-2024-37325 Yanir Tsarimi


CVE-2024-30058 - Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30058
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:5.4/TemporalScore:4.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L). What does that mean for this vulnerability?

Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.


What kind of security feature could be bypassed by successfully exploiting this vulnerability?

An attacker who successfully exploited this vulnerability could bypass the permissions dialog feature prompt presented to users when initiating a download.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?

The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.


Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Low Spoofing

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30058
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Low | Spoofing | None | Base: 5.4; Temporal: 4.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C | 126.0.2592.56 | No | None |

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30058 Narendra Bhati with Lead Penetration Tester at Suma Soft Pvt. Ltd. India


CVE-2024-30057 - Microsoft Edge for iOS Spoofing Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30057
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Edge for iOS Spoofing Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:5.4/TemporalScore:4.7
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?

The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.


According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?

Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.


What kind of security feature could be bypassed by successfully exploiting this vulnerability?

An attacker who successfully exploited this vulnerability could bypass the permissions dialog feature prompt presented to users when initiating a download.


Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Low Spoofing

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30057
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Microsoft Edge for iOS | Release Notes (Security Update) | Low | Spoofing | None | Base: 5.4; Temporal: 4.7; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C | 126.0.2592.56 | No | None |

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30057 Narendra Bhati with Lead Penetration Tester at Suma Soft Pvt. Ltd. India


CVE-2024-6290 - Chromium: CVE-2024-6290 Use after free in Dawn

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-6290
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-6290 Use after free in Dawn
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:
Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.81 6/27/2024 126.0.6478.127

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/27/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-6290
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 126.0.2592.8 | No | None |

Acknowledgements

CVE ID Acknowledgements
CVE-2024-6290 None

CVE-2024-6293 - Chromium: CVE-2024-6293 Use after free in Dawn

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-6293
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-6293 Use after free in Dawn
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:
Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.81 6/27/2024 126.0.6478.127

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/27/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-6293
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 126.0.2592.8 | No | None |

Acknowledgements

CVE ID Acknowledgements
CVE-2024-6293 None

CVE-2024-6292 - Chromium: CVE-2024-6292 Use after free in Dawn

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-6292
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-6292 Use after free in Dawn
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:
Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.81 6/27/2024 126.0.6478.127

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/27/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-6292
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 126.0.2592.8 | No | None |

Acknowledgements

CVE ID Acknowledgements
CVE-2024-6292 None

CVE-2024-6291 - Chromium: CVE-2024-6291 Use after free in Swiftshader

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-6291
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-6291 Use after free in Swiftshader
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:
Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.81 6/27/2024 126.0.6478.127

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/27/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-6291
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 126.0.2592.8 | No | None |

Acknowledgements

CVE ID Acknowledgements
CVE-2024-6291 None

CVE-2024-34122 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-34122
MITRE
NVD

Issuing CNA: Adobe

CVE Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS:
None
Executive Summary:
None
FAQ:
Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.81 6/27/2024 126.0.6478.127

Why is this Adobe CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Adobe Software which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/27/2024    

Information published.


Moderate Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-34122
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Moderate | Remote Code Execution | None | Base: N/A; Temporal: N/A; Vector: N/A | 126.0.2592.8 | No | None |

Acknowledgements

CVE ID Acknowledgements
CVE-2024-34122 0x140ce


CVE-2024-30052 - Visual Studio Remote Code Execution Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-30052
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Visual Studio Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:4.7/TemporalScore:4.1
Base score metrics
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


Mitigations:
None
Workarounds:
None
Revision:
1.0    06/11/2024    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-30052
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 4.7; Temporal: 4.1; Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 15.9.63 | Maybe | None |
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 4.7; Temporal: 4.1; Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 16.11.37 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 4.7; Temporal: 4.1; Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 17.10.2 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 4.7; Temporal: 4.1; Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 17.4.20 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 4.7; Temporal: 4.1; Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 17.6.16 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 4.7; Temporal: 4.1; Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 17.8.11 | Maybe | None |

Acknowledgements

CVE ID Acknowledgements
CVE-2024-30052 goodbyeselene


CVE-2024-5846 - Chromium: CVE-2024-5846 Use after free in PDFium

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5846
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5846 Use after free in PDFium
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5846
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 126.0.2592.56 | No | None |

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5846 None

CVE-2024-5847 - Chromium: CVE-2024-5847 Use after free in PDFium

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5847
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5847 Use after free in PDFium
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5847
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 126.0.2592.56 | No | None |

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5847 None

CVE-2024-5845 - Chromium: CVE-2024-5845 Use after free in Audio

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-5845
MITRE
NVD

Issuing CNA: Chrome

CVE Title: Chromium: CVE-2024-5845 Use after free in Audio
CVSS:
None
Executive Summary:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.


FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-5845
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A; Temporal: N/A; Vector: N/A | 126.0.2592.56 | No | None |

Acknowledgements

CVE ID Acknowledgements
CVE-2024-5845 None

CVE-2024-38083 - Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2024-38083
MITRE
NVD

Issuing CNA: Microsoft

CVE Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS:

CVSS:3.1 Highest BaseScore:4.3/TemporalScore:3.8
Base score metrics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None
Temporal score metrics
Exploit Code Maturity: Unproven
Remediation Level: Official Fix
Report Confidence: Confirmed

Executive Summary:
None
FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.


According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?

An attacker who successfully exploited this vulnerability could cover and spoof elements of the UI. The modified information is only visual.


Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version
Stable 126.0.2592.56 6/13/2024 126.0.6478.57
Extended Stable 126.0.2592.56 6/13/2024 126.0.6478.57

Mitigations:
None
Workarounds:
None
Revision:
1.0    06/13/2024    

Information published.


Moderate Spoofing

Exploitability Index

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2024-38083
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Microsoft Edge for Android | Release Notes (Security Update) | Moderate | Spoofing | None | Base: 4.3; Temporal: 3.8; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C | 126.0.2592.56 | No | None |
| Microsoft Edge for iOS | Release Notes (Security Update) | Moderate | Spoofing | None | Base: 4.3; Temporal: 3.8; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C | 126.0.2592.56 | No | None |

Acknowledgements

CVE ID Acknowledgements
CVE-2024-38083 Renwa (@RenwaX23)